On Thu, 11 Mar 2021, James Ralston wrote:

> On Wed, Mar 10, 2021 at 7:43 PM Damien Miller <djm@xxxxxxxxxxx> wrote:
>
> > On Wed, 10 Mar 2021, James Ralston wrote:
> >
> > > …if it is necessary to enable one of them for backward
> > > compatibility with clients/servers that support only SHA-1
> > > algorithms, then this is the only one that should be enabled:
> > >
> > > * diffie-hellman-group14-sha1 (for KexAlgorithms)
> > > * gss-group14-sha1- (for GSSAPIKexAlgorithms)
> >
> > Disagree. diffie-hellman-group-exchange-sha1 will use a
> > bigger/better MODP group than group14. If I had to enable one then
> > that would be it.
>
> Is this guaranteed to be true even if /etc/ssh/moduli contains small
> primes (e.g. 1023 bits)?

Yes, see dh_estimate() in dh.c - it will never select a <2048 bit group
and will usually select one considerably larger. If /etc/moduli is
missing then dh_new_group_fallback() will use either a 2k or 4k group.

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
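Added example, not part of the thread and not OpenSSH code: a small audit that reports which entries in a moduli file are below 2048 bits, the case James asks about. It assumes the seven-field moduli(5) line layout with a hexadecimal generator and modulus in the last two fields; the function names and the sample entries are constructed for illustration, and the sample moduli are not real primes.

```python
"""Audit moduli(5) text for DH groups smaller than a minimum size."""
import sys

MIN_BITS = 2048  # threshold from the thread's "<2048 bit group" remark


def parse_moduli(text):
    """Return [(line_no, bits, generator)] for every entry in the text."""
    entries = []
    for line_no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no group
        fields = line.split()
        if len(fields) != 7:
            raise ValueError(f"line {line_no}: expected 7 fields, got {len(fields)}")
        generator = int(fields[5], 16)
        # Measure the modulus itself instead of trusting the size column.
        bits = int(fields[6], 16).bit_length()
        entries.append((line_no, bits, generator))
    return entries


def small_groups(text, min_bits=MIN_BITS):
    """Return [(line_no, bits)] for entries shorter than min_bits."""
    return [(n, b) for n, b, _ in parse_moduli(text) if b < min_bits]


def fake_entry(bits):
    """Constructed line with a modulus of the given length (NOT a prime)."""
    modulus = (1 << (bits - 1)) | 1
    return f"20210311000000 2 6 100 {bits - 1} 2 {modulus:x}"


# Constructed sample input: one undersized entry and two acceptable ones.
SAMPLE = "\n".join(
    ["# constructed sample", fake_entry(1023), fake_entry(2048), fake_entry(4096)]
)

if __name__ == "__main__":
    # Pass a moduli file path as the first argument, or run on the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="ascii") as fh:
            data = fh.read()
    else:
        data = SAMPLE
    for line_no, bits in small_groups(data):
        print(f"line {line_no}: {bits}-bit modulus is below {MIN_BITS}")
```
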