Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1077
Views
0
Helpful
3
Replies

CSCvu10721 - SSH connection getting rejected having RSA key size of 2048 and FIPS mode enabled

JohnLuce95601
Level 1
Level 1

‎02-23-2021 11:03 AM

Question if I am reading this correctly. On this bug it states that it was fixed. Does that mean its fixed by using the workaround or it has been fixed via an updated piece of firmware. We ran into the bug after upgrading to 9.3.5 of NX-OS on a 93180YC-FX switch, and applied the work around. I looked at both the release notes for 9.35 and 9.3.6 and did not find this issue noted as corrected. Unfortunately the security folks aren't happy with us using ecdsa and would prefer us to be using RSA keys as the STIG security settings call for.

4 people had this problem
Labels:
0 Helpful
3 Replies 3

EircDreckman99337
Level 1
Level 1

‎02-24-2021 12:40 PM

We have updated our switches up to 9.3.6, and cannot get the RSA key to work still. ECDSA works but like you said security and STIGs, want RSA. As well as other applications, DCNM isn't working with ECDSA, hopefully gets address soon.

0 Helpful

KevinGolden74429
Level 1
Level 1

‎04-29-2021 03:32 PM

I am having the very same issue running 9.3(5) STIG calls for FIPS enable. work around works but not sure ECDSA 521 satisfies the STIG requirements.

0 Helpful

Bil M
Level 1
Level 1

‎06-16-2021 06:45 AM

This is also affecting my switches and we are upgraded to 10.1(1). 

0 Helpful
Customers Also Viewed These Support Documents