Re: [EC]DH KEx and how to restrict ssh/sshd to secure(er) DH parameters

Hey.

Since there was no real conclusion on this, neither against nor clearly
in favour, I've opened two tickets for the records:

#2302 (https://bugzilla.mindrot.org/show_bug.cgi?id=2302)
Asking to not fall back to diffie-hellman-group14-sha1 when this was
"explicitly" disabled via the KEX algo preference list of either ssh or
sshd.

#2303 (https://bugzilla.mindrot.org/show_bug.cgi?id=2303)
Asking to allow one to specify the min and max values for DH GEX on the
ssh/libssh side.


I actually tried to write a small patch for #2303,... but while adding a
new config option is quite easy,... correctly feeding min/max values
through all the function calls to kexgex[c|s] seems to be a bit more tricky
(I guess one would need to add these to the Kex struct and probably this
would also change the ABI of libssh?)


Cheers,
Chris.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
