OpenSSH 5.8 connections reset by IPS, but older OpenSSH versions work

When I upgraded from OS 11.2 to OS 11.4, I discovered that the network intrusion prevention system (IPS) is resetting my SSH connections. This did not happen with OS 11.2, and it doesn’t happen with RHEL 5 nor with Fedora 14. It did happen with Cygwin until I reverted form Cygwin OpenSSH 5.8p1 to 5.6p1. Fedora has OpenSSH_5.5p1 which does work. I don’t recall the version on RHEL 5, but I’m confident it’s older.

These are the last lines of output from susebox# ssh -vvv remotehost.domain

debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
Read from socket failed: Connection reset by peer

I know this is from the IPS because the reset has a different TTL than the remote host, and it only happens when I go through the IPS. Interestingly, I CAN ssh to the OS 11.4 host from the remote host. The IPS administrator was no help.

The IPS is an IBM Proventia 5108, or similar.

Any ideas?