Hey.

Since there was no real conclusion on this, neither against nor clearly in favour, I've opened two tickets for the record:

#2302 (https://bugzilla.mindrot.org/show_bug.cgi?id=2302)
Asking to not fall back to diffie-hellman-group14-sha1 when this was "explicitly" disabled via the KEX algo preference list of either ssh or sshd.

#2303 (https://bugzilla.mindrot.org/show_bug.cgi?id=2303)
Asking to allow one to specify the min and max values for DH GEX on the ssh/libssh side.

I actually tried to write a small patch for #2303, but while adding a new config option is quite easy, correctly feeding min/max values through all the function calls to kexgex[c|s] seems to be a bit more tricky (I guess one would need to add these to the Kex struct, and probably this would also change the ABI of libssh?)

Cheers,
Chris.
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev