Dne 25.1.2014 11:17, Darren Tucker napsal(a): > On Fri, Jan 24, 2014 at 05:28:03PM +0100, Petr Lautrbach wrote: >> On 01/21/2014 05:14 PM, Petr Lautrbach wrote: >>> Hello everybody, >>> >>> An issue was reported in RH bugzilla [1] about the size of the used DH >>> group when combined with the 3des-cbc cipher. OpenSSH uses the >>> actual key length for the size estimation. This is probably fine as far >>> as the cipher has the same number of bits of security as the key >>> length. But this is not true for 3TDEA where the key size is 168 resp >>> 192 but it's security is only 112. >>> >>> Given that the key size in openssh is set to 192, DH group size is >>> estimated to 7680. But according to NIST SP 800-57, the size of DH key >>> should be 2048 so openssh doesn't follow that and it might cause >>> problems with key exchanges with some servers. >>> >> >> It was confirmed that openssh can't connect to the server with a server string >> 'SSH-2.0-cryptlib' using diffie-hellman-group-exchange-sha1 and 3des-cbc with >> SSH2_MSG_KEX_DH_GEX_REQUEST(1024<7680<8192). > > Thanks for the patch. Since we are so close to the 6.5 release I have > committed a smaller change that should still resolve the problem > (confirmed by checking the debug output for the requested group sizes). > Works, thanks. I'll try to communicate a change with the other side to follow RFC and provide at least the largest group it knows. Petr -- Petr Lautrbach <plautrba at redhat.com>, Red Hat, Inc.
