RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Description of problem:
In FIPS mode, during DH group exchange, OpenSSH client should validate the received moduli, making sure it is one of the known groups.

Version-Release number of selected component (if applicable):
openssh-7.8p1

How reproducible:
100%

Steps to Reproduce:
1. Connect to the server using dh group exchange kex mechanism

Actual results:
The client will use one of the non-approved moduli sent by server

Expected results:
The client should make sure it is one of the known groups that are offered when the moduli file is missing

Additional info:
At this moment, OpenSSH server is sending either group14, group16 or group18, depending on the negotiated parameters, when the moduli file is not available.

Additionally, we should modify the server in the FIPS mode to ignore the /etc/moduli and use only the hardcoded modulis. It is less fragile than having the file removed or renamed in the crypto-policies FIPS setup.

The alternative is to disable the dh-group-exchange in the FIPS policy completely. We would lose the compatibility with RHEL-6 this way, on the other hand the compatibility is limited anyway as the RHEL-6 has to have the /etc/moduli file removed to send group14 and not some random prime from the moduli file.

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2019:3702