On Sat, Jan 25, 2014 at 3:28 AM, Petr Lautrbach <plautrba at redhat.com> wrote:
> It was confirmed that openssh can't connect to the server with a server string
> 'SSH-2.0-cryptlib' using diffie-hellman-group-exchange-sha1 and 3des-cbc with
> SSH2_MSG_KEX_DH_GEX_REQUEST(1024<7680<8192).
>
> It's due to an issue in its code [1] which takes only requested value

Well, that's a bug in cryptlib, but I'll let you follow that one up.

> and is limited only to 4096 bits.

RFC4419 says supporting groups up to 8k is a SHOULD, so that seems ok.

> So I've made a patch [2] as a POF which adds a security length column and
> uses this value for dh_estimation. For 3des-cbc it's 14 which makes 2048 of preferred
> DH group size:
> SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192)
>
> and I've got confirmed that it solves the issue with this particular server.
[...]
> [2] http://fedorapeople.org/~plautrba/openssh/cipher-security-size.patch

BTW I think there's a bug in your patch:

+ u_int mode, ctos, need, dh_need, authlen;
[...]
+ if (dh_need < newkeys->enc.sec_len)
+ dh_need = newkeys->enc.sec_len;
[...]
+ kex->dh_need = ( dh_need ? dh_need : need );

dh_need is used uninitialized.

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
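
Review bot: dh_need has no initialiser in the `u_int mode, ctos, need, dh_need, authlen;` declaration, and the first use shown is the read in `if (dh_need < newkeys->enc.sec_len)`, so in the quoted lines both that comparison and the later `dh_need ? dh_need : need` test work on an indeterminate stack value. Initialise it to 0 before the first comparison. The ternary already treats zero as "no cipher supplied a security length" and falls back to need, so 0 is the starting value the rest of the change expects. With a non-zero garbage value the sec_len update can be skipped and kex->dh_need then carries that garbage into the group size estimate.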