https://bugzilla.mindrot.org/show_bug.cgi?id=3603
--- Comment #20 from Dmitry Belyavskiy <dbely...@redhat.com> --- I see several problems with the proposed patch. It resolves the case when the run-time and build-time OpenSSL version differs in capabilities. The problem is it relies on legacy OpenSSL API that contradicts the initial request (FIPS compatibility). Also EC curve detection uses the API OpenSSL considers legacy (and so not FIPS-compliant). And from the FIPS perspective, all NIST curves supported by OpenSSH are allowed. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. _______________________________________________ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs