Re: DH Group Exchange Fallback

I wish to withdraw my suggested patch to dh.c as what OpenSSH is using
for falling back to a value related to the client max is correct for
some flavors of that concept.

That said, I suspect what Joe wants is for the max provided by the
client to be advisory such that the minimum value provided by the moduli
file would be used if the client max is smaller than that value.

That is, if the client sent min=1024,n=1024,max=1025 and the minimum
modulus in the moduli file was min_moduli=3072 bits, that the client max
value be ignored in favor of using the MAX(max,min_moduli). In this way,
the administrator that no longer wanted to support 2048 bit group14 for
clients would be able to support a 3072-bit minimum to be sent for the
client.

Is this what you wanted to address, Joe?

I would have no objection to such a patch for OpenSSH.

	-- Mark

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
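
Added example, not part of the message above and not OpenSSH's dh.c: a C sketch of the MAX(max,min_moduli) rule applied to the request min=1024,n=1024,max=1025 against a moduli list whose smallest group is 3072 bits. The function names, the sample sizes and the selection policy (smallest size at or above the requested one, otherwise the largest in range) are assumptions made for illustration.

```c
#include <stdio.h>

#define MAX(a, b) ((a) > (b) ? (a) : (b))

/* Constructed sample: sizes (bits) of the groups in a 3072-bit-minimum moduli file. */
static const int SAMPLE_SIZES[] = { 3072, 4096, 6144, 8192 };
#define SAMPLE_N (sizeof(SAMPLE_SIZES) / sizeof(SAMPLE_SIZES[0]))

/* Smallest modulus size present in the list (min_moduli in the message). */
static int min_moduli_bits(const int *sizes, size_t n)
{
	int lo = sizes[0];
	for (size_t i = 1; i < n; i++)
		if (sizes[i] < lo)
			lo = sizes[i];
	return lo;
}

/*
 * Pick a group size for a client request (min, want, max); 0 means no fit.
 * advisory_max != 0 replaces the client max with MAX(max, min_moduli).
 * Assumed policy: smallest size >= want in range, else largest size in range.
 */
int pick_group_bits(const int *sizes, size_t n, int min, int want, int max,
    int advisory_max)
{
	int best = 0;

	if (n == 0 || min > want || want > max)
		return 0;
	if (advisory_max)
		max = MAX(max, min_moduli_bits(sizes, n));
	for (size_t i = 0; i < n; i++) {
		int s = sizes[i];
		if (s < min || s > max)
			continue;
		if (best == 0 || (s >= want && (best < want || s < best)) ||
		    (s < want && best < want && s > best))
			best = s;
	}
	return best;
}

int main(void)
{
	/* The request from the message: min=1024, n=1024, max=1025. */
	printf("strict:   %d\n", pick_group_bits(SAMPLE_SIZES, SAMPLE_N, 1024, 1024, 1025, 0));
	printf("advisory: %d\n", pick_group_bits(SAMPLE_SIZES, SAMPLE_N, 1024, 1024, 1025, 1));
	return 0;
}
```

With the client max treated as a hard limit the sample request matches no group; with the advisory rule it resolves to the 3072-bit group.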
