cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
852
Views
0
Helpful
3
Replies

CSCvu10721 - SSH connection getting rejected having RSA key size of 2048 and FIPS mode enabled

JohnLuce95601
Level 1
Level 1

Question if I am reading this correctly. On this bug it states that it was fixed. Does that mean its fixed by using the workaround or it has been fixed via an updated piece of firmware. We ran into the bug after upgrading to 9.3.5 of NX-OS on a 93180YC-FX switch, and applied the work around. I looked at both the release notes for 9.35 and 9.3.6 and did not find this issue noted as corrected. Unfortunately the security folks aren't happy with us using ecdsa and would prefer us to be using RSA keys as the STIG security settings call for.

3 Replies 3

We have updated our switches up to 9.3.6, and cannot get the RSA key to work still. ECDSA works but like you said security and STIGs, want RSA. As well as other applications, DCNM isn't working with ECDSA, hopefully gets address soon.

I am having the very same issue running 9.3(5) STIG calls for FIPS enable. work around works but not sure ECDSA 521 satisfies the STIG requirements.

Bil M
Level 1
Level 1

This is also affecting my switches and we are upgraded to 10.1(1). 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: