GUACAMOLE-1669: Merge fix for RSA key upgrade failure if FIPS mode is enabled.

This commit is contained in:
Mike Jumper 2022-09-13 14:45:55 -07:00 committed by GitHub
commit b20afa275a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -49,9 +49,12 @@ GCRY_THREAD_OPTION_PTHREAD_IMPL;
/** /**
* A list of all key exchange algorithms that are both FIPS-compliant, and * A list of all key exchange algorithms that are both FIPS-compliant, and
* OpenSSL-supported. * OpenSSL-supported. Note that "ext-info-c" is also included. While not a key
* exchange algorithm per se, it must be in the list to ensure that the server
* will send a SSH_MSG_EXT_INFO response, which is required to perform RSA key
* upgrades.
*/ */
#define FIPS_COMPLIANT_KEX_ALGORITHMS "diffie-hellman-group-exchange-sha256" #define FIPS_COMPLIANT_KEX_ALGORITHMS "diffie-hellman-group-exchange-sha256,ext-info-c"
/** /**
* A list of ciphers that are both FIPS-compliant, and OpenSSL-supported. * A list of ciphers that are both FIPS-compliant, and OpenSSL-supported.