Bug ID 1238693: Adding SSHD support for rsa-sha2-256 and rsa-sha2-512 HostKeyAlgorithms and removing support for ed25519

Last Modified: Dec 07, 2023

Affected Product(s):
BIG-IP TMOS (all modules)

Known Affected Versions:
16.1.3.1, 16.1.3.2, 16.1.3.3, 16.1.3.4, 16.1.3.5, 17.1.0

Fixed In:
17.1.0.1, 16.1.4

Opened: Feb 10, 2023

Severity: 3-Major

Symptoms

In FIPS 140-3 mode, SSHD does not support the rsa-sha2-256 and rsa-sha2-512 HostKeyAlgorithms; it supports ed25519, which is not FIPS approved.

Impact

SSHD does not support the rsa-sha2-256 and rsa-sha2-512 HostKeyAlgorithms; it supports ed25519, which is not FIPS approved.

Conditions

System must be in FIPS 140-3 mode.

Workaround

None

Fix Information

SSHD should support rsa-sha2-256 and rsa-sha2-512 HostKeyAlgorithms and must reject ED25519.
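
One way to check an effective sshd configuration against this requirement, as an added example that is not F5's own tooling. It assumes the configuration is available in the format printed by OpenSSH's `sshd -T` (a lowercase `hostkeyalgorithms` keyword followed by a comma-separated list); the function name and the sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an sshd effective-config dump (format of `sshd -T`)
# for the host key algorithm policy described in this bug.
# check_hostkeyalgs reads the dump on stdin, prints findings, and returns
#   0 = compliant, 1 = policy violation, 2 = no hostkeyalgorithms line found.
check_hostkeyalgs() {
    # Take the first hostkeyalgorithms line, normalised to lower case.
    algs=$(awk '!seen && tolower($1) == "hostkeyalgorithms" { print tolower($2); seen = 1 }')
    if [ -z "$algs" ]; then
        echo "UNKNOWN: no hostkeyalgorithms line in input"
        return 2
    fi
    rc=0
    # Required by the fix: both RSA/SHA-2 signature algorithms must be offered.
    for need in rsa-sha2-256 rsa-sha2-512; do
        case ",$algs," in
            *",$need,"*) ;;
            *) echo "MISSING: $need"; rc=1 ;;
        esac
    done
    # Not FIPS approved: any Ed25519 variant (plain, certificate, sk-) must be absent.
    old_ifs=$IFS; IFS=,
    for a in $algs; do
        case "$a" in
            *ed25519*) echo "FORBIDDEN: $a"; rc=1 ;;
        esac
    done
    IFS=$old_ifs
    [ "$rc" -eq 0 ] && echo "OK: $algs"
    return "$rc"
}

# Constructed sample dumps (not captured from a real system).
SAMPLE_AFFECTED='port 22
hostkeyalgorithms ssh-ed25519,ecdsa-sha2-nistp256'
SAMPLE_FIXED='port 22
hostkeyalgorithms rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256'

printf '%s\n' "$SAMPLE_AFFECTED" | check_hostkeyalgs || echo "-> affected sample fails the policy"
printf '%s\n' "$SAMPLE_FIXED" | check_hostkeyalgs
# On a host, feed it the live configuration instead: sshd -T | check_hostkeyalgs
```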

Behavior Change
