[openssl-users] DSA2048 support in openssl-fips-2.0.14.

Manjunath SM manjunathsm1 at gmail.com
Sat Oct 21 23:25:10 UTC 2017

2nd try,

On 17 Oct 2017 3:16 pm, "Manjunath SM" <manjunathsm1 at gmail.com> wrote:

Hi All,
Am using openssl-fips-2.0.14 at server side on top of openssl1.0.2K.
Server is operating in FIPS mode(fips mode enabled thru FIPS_mode_set).

Created DSA2048 host key at server which is running in FIPS mode,
With this configuration when am trying to do SSH from ssh client am getting
below error.

The authenticity of host ' (' can't be
but keys of different type are already known for this host.
DSA key fingerprint is 31:75:2c:96:ac:9c:11:f8:3b:39:0b:86:ba:88:51:02.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '' (DSA) to the list of known

*ssh_dss_verify: remaining bytes in signature 24key_verify failed for

SSH client version is
 OpenSSH_6.4p1, OpenSSL 1.0.1e-fips 11 Feb 2013

In FIPS use guide  I do see, DSA 2048 is supported.
Does any one faced similar issue ?If so pls share the findings.

“Take care of the earth and she will take care of you.”
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20171022/b35d7910/attachment.html>

More information about the openssl-users mailing list