Re: playing around with removing algos

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On 05/02/2017 07:21 PM, Cristian Ionescu-Idbohrn wrote:
On Tue, 2 May 2017, Colin Watson wrote:
On Tue, May 02, 2017 at 06:17:47PM +0200, Cristian Ionescu-Idbohrn wrote:
$ ssh -vvv -oMacs=umac-64@xxxxxxxxxxx localhost : 2>&1 | egrep -i 'macs|umac'
debug2: MACs ctos: umac-64@xxxxxxxxxxx
debug2: MACs stoc: umac-64@xxxxxxxxxxx
debug2: MACs ctos: umac-128-etm@xxxxxxxxxxx,hmac-sha2-256-etm@xxxxxxxxxxx,hmac-sha2-512-etm@xxxxxxxxxxx,hmac-sha1-etm@xxxxxxxxxxx,umac-128@xxxxxxxxxxx,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-128-etm@xxxxxxxxxxx,hmac-sha2-256-etm@xxxxxxxxxxx,hmac-sha2-512-etm@xxxxxxxxxxx,hmac-sha1-etm@xxxxxxxxxxx,umac-128@xxxxxxxxxxx,hmac-sha2-256,hmac-sha2-512,hmac-sha1

No error/warning/anything.

I should also mention that this is the Debian packaged openssh 7.5p1.
It applies some 31 patches to the source.  I can't tell if they
interfere with the proper behaviour, it doesn't seem so, but I can't
exclude the risc.  Colin might.

A clean build from upstream git master produces identical output from
the above test command.

Thanks.  This points then to an upstream bug.

My guess is that you are using chacha20-poly1305@xxxxxxxxxxx cipher (not visible from this output), which does not need MAC (the message authentication is already part of the cipher definition -- poly1305). Therefore it does not need to agree on common MAC and it just works without that.

Regards,
--
Jakub Jelen
Software Engineer
Security Technologies
Red Hat
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux