[Bug 2302] with DH-GEX, ssh (and sshd) should not fall back to unconfigured DH groups or at least document this behaviour and use a stronger group
bugzilla-daemon at mindrot.org
Tue May 26 16:10:58 AEST 2015
https://bugzilla.mindrot.org/show_bug.cgi?id=2302
Darren Tucker <dtucker at zip.com.au> changed:
                  What|Removed                         |Added
----------------------------------------------------------------------------
              Assignee|unassigned-bugs at mindrot.org  |dtucker at zip.com.au
                    CC|                                |dtucker at zip.com.au
Attachment #2630 Flags|                                |ok?(djm at mindrot.org)
--- Comment #3 from Darren Tucker <dtucker at zip.com.au> ---
Created attachment 2630
--> https://bugzilla.mindrot.org/attachment.cgi?id=2630&action=edit
Make the DH-GEX fallback group 4k bit.

This makes the fallback group a new 4kbit group as long as the client
accepts groups at least that big (which is a SHOULD in RFC4419),
otherwise it continues to use group14.

I didn't go bigger than 4kbit because I know some implementations have
problems coping with them.