Re: Temporary Crypto Glitches ... ??


 



On 2021/11/11 12:49, Konrad Bucheli wrote:
> Hi Jochen
> 
> We run a few thousand hosts with varying quality of internet lines.
> It is a fallback procedure to try to only use ed25519 crypto if the
> connection fails half-way through. The reason is that it needs only smaller
> packets which can help if there is (more) trouble with bigger network
> packets.

This often indicates problems where some links have smaller than usual
MTUs, in combination with missing ICMP fragmentation-needed messages
(usually due to incorrect firewall configuration somewhere on the path).
The handshake won't be the only place where you run into problems though;
using ed25519 to sidestep this just pushes the problem deeper and you're
likely to run into stalls during either file transfers or with large
amounts of output. Reducing MTU (or clamping the TCP MSS) might be a
better idea if you know you have to work over broken networks.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
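
An added example, not part of the original message or of OpenSSH: a bash sketch that measures the usable IPv4 path MTU with don't-fragment pings and derives the TCP MSS value to clamp to, which is the kind of check that confirms the black-hole situation described above. It assumes Linux iputils `ping` and iptables; the function names and the 576..1500 search range are choices made for this example.

```shell
#!/usr/bin/env bash
# Added example: find the largest IPv4 packet that crosses a path with the
# DF bit set, then derive the TCP MSS to clamp to. Assumes Linux iputils ping.

# probe HOST PAYLOAD: succeeds if one ICMP echo with PAYLOAD data bytes and
# DF set is answered. On a black-holed path oversized probes simply time out,
# because the ICMP fragmentation-needed reply never arrives.
probe() { ping -M do -c 1 -W 2 -s "$2" "$1" >/dev/null 2>&1; }

# find_pmtu HOST: binary-search the largest payload that gets through and
# print the matching MTU (payload + 20 bytes IPv4 + 8 bytes ICMP header).
# Prints 0 and returns 1 if even a 576-byte packet fails.
find_pmtu() {
  local host=$1 lo=548 hi=1472 mid   # payloads for MTU 576 .. 1500
  probe "$host" "$lo" || { echo 0; return 1; }
  while [ "$lo" -lt "$hi" ]; do
    mid=$(( (lo + hi + 1) / 2 ))
    if probe "$host" "$mid"; then lo=$mid; else hi=$(( mid - 1 )); fi
  done
  echo $(( lo + 28 ))
}

# mss_for_mtu MTU: TCP MSS for IPv4 without options (20 IP + 20 TCP bytes).
mss_for_mtu() { echo $(( $1 - 40 )); }

# clamp_rule MTU: print (not apply) an iptables rule that rewrites the MSS
# option on forwarded SYNs so neither side sends segments the path drops.
clamp_rule() {
  printf 'iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss %d\n' \
    "$(mss_for_mtu "$1")"
}

# Run only when a host is given on the command line, e.g. ./pmtu.sh HOST
if [ "$#" -gt 0 ]; then
  mtu=$(find_pmtu "$1") || { echo "no reply from $1 even at MTU 576" >&2; exit 1; }
  echo "path MTU to $1: $mtu, TCP MSS: $(mss_for_mtu "$mtu")"
  [ "$mtu" -lt 1500 ] && clamp_rule "$mtu"
fi
```

A result below 1500 combined with SSH sessions that stall on large packets points at the missing fragmentation-needed messages described in the reply.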


