On 16/10/15 21:07, Damien Miller wrote:
> Hi,
>
> I just committed a change to HEAD that raises the minimum Diffie-Hellman
> group size that the client will accept from 1024 to 2048 bits.
>
> Connections to well-behaved servers should not be affected by this
> change, but I've identified at least one case where a misconfigured
> server can cause connection failure. The errors look like:
>
> ssh_dispatch_run_fatal: Connection to 10.1.1.1: DH GEX group out of range
>
> The problematic software is OpenSSH<3.9 or Sun_SSH (all versions).
> It will use a fixed 1024 bit DH group as an implicit fallback if
> /etc/ssh/moduli is missing, unreadable or empty.

Thanks for the heads-up.
We know that people will find that a bit cryptic. What about showing a
message like:
"A Diffie-Hellman group of %d bits is too weak. Does the server have a
/etc/ssh/moduli file with suitable values?"
Best regards
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
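
An added example, not part of the original thread or of OpenSSH: a shell check to run on a server for the condition described above (moduli file missing, unreadable or empty), extended to also flag a file that holds no group of at least 2048 bits. The function name check_moduli and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a moduli file against the 2048-bit client minimum.
# check_moduli is a hypothetical helper name, not an OpenSSH tool.
# Exit status: 0 usable, 1 missing/unreadable, 2 no entries, 3 only small groups.
check_moduli() {
    file=$1
    min_bits=${2:-2048}
    if [ ! -r "$file" ]; then
        echo "$file: missing or unreadable"
        return 1
    fi
    # moduli(5) fields: time type tests trials size generator modulus.
    # The size field is one less than the group's bit length (2047 => 2048).
    awk -v min="$min_bits" -v f="$file" '
        /^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
        NF < 7 || $5 !~ /^[0-9]+$/ { next }     # skip malformed lines
        { total++; if ($5 + 1 >= min) ok++ }
        END {
            if (total == 0) { print f ": no usable entries"; exit 2 }
            if (ok == 0) { print f ": " total " groups, none >= " min " bits"; exit 3 }
            print f ": " ok " of " total " groups >= " min " bits"
            exit 0
        }' "$file"
}

# Constructed sample entries (moduli shortened, not real primes).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Time Type Tests Tries Size Generator Modulus
20150101000000 2 6 100 1023 2 F1E2D3
20150101000001 2 6 100 2047 2 A1B2C3
EOF
check_moduli "$sample" || true
rm -f "$sample"
```

On a real server the call would be check_moduli /etc/ssh/moduli; any non-zero status means the file cannot supply a group that the updated client will accept.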