Re: Can we disable diffie-hellman-group-exchange-sha1 by default?

Also, how are default moduli shipped with OpenSSH for use in
diffie-hellman-group-exchange-sha1/sha256 chosen? Are they chosen
randomly by developers or are they chosen for security properties? If
they are random, why not use moduli from RFC 7919 instead, like
Mozilla recommends?

On Fri, Feb 15, 2019 at 3:48 AM Mark D. Baushke <mdb@xxxxxxxxxxx> wrote:
>
> Yegor Ievlev <koops1997@xxxxxxxxx> writes:
>
> > Can we disable diffie-hellman-group14-sha1 too?
>
> It is possible to disable the diffie-hellman-group14-sha1 key exchange,
> but I personally recommend you just put it at the end of the list, so it
> is not normally used for the key exchange unless that is the ONLY thing
> that your client has in common with the server (or vice versa).
>
> I know of a number of devices out there which want one of the MTI key
> exchange methods to be used.
>
>         -- Mark
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
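
The ordering advice quoted above can be checked against how SSH selects a key exchange method. The following is an added example, not part of the thread and not OpenSSH code; the peer lists are constructed samples and the function names are hypothetical.

```python
# Added example (not OpenSSH code). Models key-exchange method selection per
# RFC 4253 section 7.1: the first name on the client's list that the server
# also offers is chosen, so the client's ordering decides the outcome.

def is_sha1_kex(name):
    return name.endswith("-sha1")

def demote_sha1(kex_list):
    """Stable reorder: SHA-1 methods move to the end, nothing is removed."""
    strong = [k for k in kex_list if not is_sha1_kex(k)]
    weak = [k for k in kex_list if is_sha1_kex(k)]
    return strong + weak

def negotiate(client_list, server_list):
    """Return the agreed method, or None when the peers share nothing."""
    offered = set(server_list)
    for name in client_list:
        if name in offered:
            return name
    return None

def kex_algorithms_line(kex_list):
    """Render the list as a KexAlgorithms line for ssh_config."""
    return "KexAlgorithms " + ",".join(kex_list)

# Constructed sample lists, not any release's real defaults.
CLIENT = ["diffie-hellman-group14-sha1", "curve25519-sha256",
          "diffie-hellman-group-exchange-sha256",
          "diffie-hellman-group-exchange-sha1"]
MODERN_SERVER = ["curve25519-sha256", "diffie-hellman-group14-sha1"]
LEGACY_DEVICE = ["diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1"]

def summarize(client_list):
    """Negotiated method against each constructed peer."""
    return {"modern": negotiate(client_list, MODERN_SERVER),
            "legacy": negotiate(client_list, LEGACY_DEVICE)}

if __name__ == "__main__":
    reordered = demote_sha1(CLIENT)
    disabled = [k for k in CLIENT if not is_sha1_kex(k)]
    print(kex_algorithms_line(reordered))
    for label, lst in (("as-is", CLIENT), ("sha1 last", reordered),
                       ("sha1 removed", disabled)):
        print(label, summarize(lst))
```

With SHA-1 methods moved last, the modern peer negotiates curve25519-sha256 while the legacy device still connects with diffie-hellman-group14-sha1; removing them outright leaves the legacy device with no common method.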


