e.g. can we make it throw warnings etc. rsa-sha2-256 and rsa-sha2-512 are fine, they use PSS.

On Sun, Jan 20, 2019 at 1:55 AM Yegor Ievlev <koops1997@xxxxxxxxx> wrote:
>
> Also can we do anything with ssh-rsa? It uses both SHA-1 and
> deprecated PKCS#1 padding. If it's used to sign certificates, there's
> no additional protection of SHA-2 hashing before SHA-1 signature, it
> just signs the raw certificate.
>
> On Sat, Jan 19, 2019 at 11:32 PM Yegor Ievlev <koops1997@xxxxxxxxx> wrote:
> >
> > I'm not sure if collision resistance is required for DH key
> > derivation, but generally, SHA-1 is on its way out. If it's possible
> > (if there's not a very large percentage of servers that do not support
> > anything newer), it should be disabled.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
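
A check of the kind asked about in the thread (warn when a certificate carries an ssh-rsa signature), as an added example that is not part of the original messages or of OpenSSH's code. It reads the signature algorithm name from a certificate blob laid out as in OpenSSH's PROTOCOL.certkeys; the function names and the sample certificate are constructed for illustration.

```python
import base64
import struct

# Length-prefixed public-key fields per certificate type (OpenSSH PROTOCOL.certkeys).
KEY_FIELDS = {"ssh-rsa-cert-v01@openssh.com": 2, "ssh-ed25519-cert-v01@openssh.com": 1}
SHA1_SIG_ALGS = {"ssh-rsa"}  # the signature algorithm the thread asks to warn about

class Reader:
    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated certificate")
        self.pos += n
        return self.data[self.pos - n:self.pos]

    def strings(self, n=1):  # read n uint32-length-prefixed strings, return the last
        for _ in range(n):
            last = self.take(struct.unpack(">I", self.take(4))[0])
        return last

def cert_signature_algorithm(cert_line):
    """Return the CA signature algorithm named inside a *-cert.pub line."""
    r = Reader(base64.b64decode(cert_line.split()[1]))
    cert_type = r.strings().decode("ascii", "replace")
    if cert_type not in KEY_FIELDS:
        raise ValueError("unsupported certificate type: " + cert_type)
    r.strings(1 + KEY_FIELDS[cert_type])  # nonce, then the public key fields
    r.take(8 + 4)                         # serial (uint64), cert type (uint32)
    r.strings(2)                          # key id, valid principals
    r.take(8 + 8)                         # valid after, valid before
    r.strings(4)                          # critical options, extensions, reserved, CA key
    return Reader(r.strings()).strings().decode("ascii")  # signature: algorithm, then blob

def warn_if_sha1(cert_line):
    alg = cert_signature_algorithm(cert_line)
    return f"WARNING: certificate signed with {alg} (SHA-1)" if alg in SHA1_SIG_ALGS else None

def sample_cert(sig_alg):
    """Constructed sample: structurally valid RSA certificate with dummy key and signature."""
    def s(b):
        return struct.pack(">I", len(b)) + b
    rsa = s(b"\x01\x00\x01") + s(b"\x00" + b"\xff" * 256)  # dummy e, n
    body = s(b"ssh-rsa-cert-v01@openssh.com") + s(b"\x00" * 32) + rsa
    body += struct.pack(">QI", 1, 1) + s(b"constructed-key-id") + s(s(b"alice"))
    body += struct.pack(">QQ", 0, 2**64 - 1) + s(b"") * 3 + s(s(b"ssh-rsa") + rsa)
    body += s(s(sig_alg.encode()) + s(b"\x00" * 256))
    return "ssh-rsa-cert-v01@openssh.com " + base64.b64encode(body).decode() + " constructed"
```

The check only reads the algorithm name recorded in the certificate; it does not verify the signature itself.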