[openssl-users] DSA2048 support in openssl-fips-2.0.14.

Manjunath SM manjunathsm1 at gmail.com
Tue Oct 17 09:46:00 UTC 2017

Hi All,
Am using openssl-fips-2.0.14 at server side on top of openssl1.0.2K.
Server is operating in FIPS mode(fips mode enabled thru FIPS_mode_set).

Created DSA2048 host key at server which is running in FIPS mode,
With this configuration when am trying to do SSH from ssh client am getting
below error.

The authenticity of host ' (' can't be
but keys of different type are already known for this host.
DSA key fingerprint is 31:75:2c:96:ac:9c:11:f8:3b:39:0b:86:ba:88:51:02.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '' (DSA) to the list of known

*ssh_dss_verify: remaining bytes in signature 24key_verify failed for

SSH client version is
 OpenSSH_6.4p1, OpenSSL 1.0.1e-fips 11 Feb 2013

In FIPS use guide  doI see, DSA 2048 is supported.
Does any one faced similar issue ?If so pls share the findings.

“Take care of the earth and she will take care of you.”
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20171017/129b75f9/attachment.html>

More information about the openssl-users mailing list