[Bug 769] dh-group-exchange should be configurable off in client and server

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Fri Dec 5 10:03:36 EST 2003


http://bugzilla.mindrot.org/show_bug.cgi?id=769





------- Additional Comments From jacobn+mindrot at chiark.greenend.org.uk  2003-12-04 16:03 -------
Erm, I hadn't taken into account what PuTTY asks for. It appears to use
old-style GEX (no min/max) and, I believe, asks for up to a 2048-bit group
(don't know offhand what it used in this instance).

Even with an OpenSSH_3.4p1 client it's still rather slow, though. I get a
7-10sec delay to the same host (from a reasonably fast client), which I think is
enough to cause people to avoid SSH-2. e.g.
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 133/256
debug1: bits set: 1616/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
        [delay 8.8sec here]
debug1: Host 'foon.spork.example.org' is known and matches the RSA host key.




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.




More information about the openssh-bugs mailing list