Hi, I complied and installed FIPS capable OPENSSL 1.0.1c and OPENSSH 6.1p1 with FIPS. While debugging i found that SSH fails for *ctr* mode of cipher operation. Is it because of a buggy patch? Here is what i get when i connect using aes256-ctr
FIPS mode initialized debug1: inetd sockets after dupping: 3, 3 Connection from 127.0.0.1 port 51395 debug1: Client protocol version 2.0; client software version OpenSSH_5.5p1 Debian-6+squeeze1 debug1: match: OpenSSH_5.5p1 Debian-6+squeeze1 pat OpenSSH_5* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.1 debug1: permanently_set_uid: 101/65534 [preauth] debug1: list_hostkey_types: ssh-rsa,ssh-dss [preauth] debug1: SSH2_MSG_KEXINIT sent [preauth] debug1: SSH2_MSG_KEXINIT received [preauth] debug1: kex: client->server aes256-ctr hmac-sha1 none [preauth] debug1: kex: server->client aes256-ctr hmac-sha1 none [preauth] debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received [preauth] debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent [preauth] debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT [preauth] debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent [preauth] aes_misc.c(73): OpenSSL internal error, assertion failed: Low level API call to cipher AES forbidden in FIPS mode! debug1: do_cleanup Thanks, Cipher -- View this message in context: http://openssl.6102.n7.nabble.com/ctr-mode-is-not-supported-in-FIPS-mode-tp44709.html Sent from the OpenSSL - User mailing list archive at Nabble.com. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
