[Bug 769] dh-group-exchange should be configurable off in client and server
bugzilla-daemon at mindrot.org
Fri Dec 5 10:03:36 EST 2003
http://bugzilla.mindrot.org/show_bug.cgi?id=769
------- Additional Comments From jacobn+mindrot at chiark.greenend.org.uk 2003-12-04 16:03 -------
Erm, I hadn't taken into account what PuTTY asks for. It appears to use
old-style GEX (no min/max) and, I believe, asks for up to a 2048-bit group
(don't know offhand what it used in this instance).

Even with an OpenSSH_3.4p1 client it's still rather slow, though. I get a
7-10sec delay to the same host (from a reasonably fast client), which I think is
enough to cause people to avoid SSH-2. e.g.

debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 133/256
debug1: bits set: 1616/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
[delay 8.8sec here]
debug1: Host 'foon.spork.example.org' is known and matches the RSA host key.