Re: [JSch-users] FIPS mode failure
Status: Alpha
Brought to you by:
ymnk
Menu
▾
▴
Re: [JSch-users] FIPS mode failure
|
From: Scott S. <sc...@sm...> - 2015-03-16 21:56:31
|
Yes, it works in Java7!
I had to call setConfig("kex", ...) to force the new ecdh ones in front,
or else it still chose dhgex and then failed because the 2048 key size
could not be used.
Thanks!
- Scott
On 3/14/2015 8:12 PM, Atsuhiko Yamanaka wrote:
> Hi,
>
> +-From: Scott Smith <sc...@sm...> --
> |_Date: Sat, 14 Mar 2015 10:58:06 -0500 ______
> |
> |Yes, that works on Java8, I can now access the FIPS-mode server using
> |diffie-hellman-group-exchange-sha1 .
> |But it still fails on Java7, I assume because it can not generate keys >
> |1024?
>
> For a long time, Sun(and Oracle)'s default JCE provider had not
> supported the long key for DH. It may be worth trying other JCE provider
> like BouncyCastle on Java7.
>
> |Does this mean it will be hopeless to use JSch to connect to a FIPS-mode
> |server on Java7 (that's mostly all I have here)?
>
> Does FIPS mode allow to use ecdh-sha2-nistp*? We have succeeded to
> support ECC(Elliptic Curve Cryptography)[1] defined in RFC5656[2],
> and that functionality will be available on Java7.
> If you are interested in it, try
> http://www.jcraft.com/jsch/jsch-0.1.52-rc24.zip
>
> [1] https://twitter.com/ymnk/status/570116671899185152
> [2] http://tools.ietf.org/html/rfc5656
>
>
> Sincerely,
> --
> Atsuhiko Yamanaka
> JCraft,Inc.
> 1-14-20 HONCHO AOBA-KU,
> SENDAI, MIYAGI 980-0014 Japan.
> Tel +81-22-723-2150
> Skype callto://jcraft/
> Twitter: http://twitter.com/ymnk
> Facebook: http://facebook.com/aymnk
|
