Yes, it works in Java7!
I had to call setConfig("kex", ...) to force the new ecdh ones in front,
or else it still chose dhgex and then failed because the 2048 key size
could not be used.
Thanks!
- Scott
On 3/14/2015 8:12 PM, Atsuhiko Yamanaka wrote:
> Hi,
>
> +-From: Scott Smith <sc...@smithdomain.com> --
> |_Date: Sat, 14 Mar 2015 10:58:06 -0500 ______
> |
> |Yes, that works on Java8, I can now access the FIPS-mode server using
> |diffie-hellman-group-exchange-sha1 .
> |But it still fails on Java7, I assume because it can not generate keys >
> |1024?
>
> For a long time, Sun(and Oracle)'s default JCE provider had not
> supported the long key for DH. It may be worth trying other JCE provider
> like BouncyCastle on Java7.
>
> |Does this mean it will be hopeless to use JSch to connect to a FIPS-mode
> |server on Java7 (that's mostly all I have here)?
>
> Does FIPS mode allow to use ecdh-sha2-nistp*? We have succeeded to
> support ECC(Elliptic Curve Cryptography)[1] defined in RFC5656[2],
> and that functionality will be available on Java7.
> If you are interested in it, try
> http://www.jcraft.com/jsch/jsch-0.1.52-rc24.zip
>
> [1] https://twitter.com/ymnk/status/570116671899185152
> [2] http://tools.ietf.org/html/rfc5656
>
>
> Sincerely,
> --
> Atsuhiko Yamanaka
> JCraft,Inc.
> 1-14-20 HONCHO AOBA-KU,
> SENDAI, MIYAGI 980-0014 Japan.
> Tel +81-22-723-2150
> Skype callto://jcraft/
> Twitter: http://twitter.com/ymnk
> Facebook: http://facebook.com/aymnk
------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
JSch-users mailing list
JSch-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jsch-users
