The 'source of truth' on what Red Hat has/has not certified is the US
Gov Standards page:
https://www.redhat.com/en/technologies/industries/government/standards
Which has URLs to the formal NIST 140-2 certification paperwork. In the
case of OpenSSH (server):
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#2630
Which points you to the 'Security Policy' paperwork:
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp2630.pdf
Certified algorithms are listed in '10.1.1 OpenSSH Configuration', which
reads:
> The user must not use DSA keys for performing key-based authentication
> as OpenSSH only allows DSA keys with 1024 bit size which are
> disallowed as per SP800-131A.
>
> The user must not accept DSA host keys potentially offered during the
> first contact of an SSH server as OpenSSH only allows DSA keys with
> 1024 bit size which are disallowed as per SP800- 131A.
>
> When re-generating RSA host keys, the crypto officer should generate
> RSA keys with a size of 2048 bit or higher according to [SP800-131A].
> The crypto officer should inform the user base to not use RSA keys
> with key sizes smaller than 2048 bits.
>
> In FIPS 140-2 mode, the following restrictions are applicable. When
> these restrictions are violated by configuration options or command
> line options, the module will not be in the FIPS mode of operation:
>
> • SSH protocol version 1 is not allowed
> • GSSAPI is not allowed
> • Only the following ciphers are allowed:
> • aes128-ctr
> • aes192-ctr
> • aes256-ctr
> • aes128-cbc
> • aes192-cbc
> • aes256-cbc
> • 3des-cbc
> •
rijnda...@lysator.liu.se
>
> Only the following message authentication codes are allowed:
> • hmac-sha1
> • hmac-sha2-256
> • hmac-sha2-512
> •
hmac-s...@openssh.com
> •
hmac-sha...@openssh.com
> •
hmac-sha...@openssh.com
>
> Any use of other ciphers or algorithms will results in the module
> entering the non-FIPS mode of operation.
Note the gcm ciphers Trevor mentioned are not listed =/