Hello, ( note, this is fixed in openssh-7.2p2 ) I was checking that openssh's sshd respected the "RekeyLimit" setting and noticed that it did not seem to respect the setting for blocks ( i.e. RekeyLimit 1K would not rekey ). I examined this a bit and realized that the issue seems to be in monitor.c:monitor_apply_keystate where set_newkeys is called before packet_set_rekey_limits. Since set_newkeys requires packet_set_rekey_limits to set the max blocks value, it results in the requested limits never being set. This is OpenSSH-6.6p1 with patches from Fedora. The patches don't seem to affect this issue. This is also fixed in OpenSSH-7.2p2. I thought it was worth bringing up since I didn't see in any release notes when it got fixed and it was a bit of a head-scratcher. Cheers, Ethan _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
