On 09/24/2017 11:13 PM, Mark D. Baushke wrote:
I wish to withdraw my suggested patch to dh.c as what OpenSSH is using for falling back to a value related to the client max is correct for some flavors of that concept. That said, I suspect what Joe wants is for the max provided by the client to be advisory such that the minimum value provided by the moduli file would be used if the client max is smaller than that value. That is, if the client sent min=1024,n=1024,max=1025 and the minimum modulus in the moduli file was min_moduli=3072bits, that the client max value be ignored in favor of using the MAX(max,min_moduli). In this way, the adinistrator that no longer wanted to support 2048 bit group14 for clients would be able to support a 3072-bit minimum to be sent for the client. Is this what you wanted to address Joe?
Sure, that's one way to handle it. As I mentioned in my reply to djm, the server can either disconnect or just send the 3072-bit modulus and let the client decide what it wants to do.
I don't feel too strongly about either option, as long as the end result is the code respects the admin's decision on minimum modulus sizes to use. That's my main concern.
I would have no objection to such a patch for OpenSSH. -- Mark
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev