[Bug 2527] New: default algorithms mismatch between man pages and myproposal.h
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Tue Jan 19 18:49:11 AEDT 2016
https://bugzilla.mindrot.org/show_bug.cgi?id=2527
Bug ID: 2527
Summary: default algorithms mismatch between man pages and
myproposal.h
Product: Portable OpenSSH
Version: 7.1p1
Hardware: All
OS: All
Status: NEW
Severity: major
Priority: P5
Component: Documentation
Assignee: unassigned-bugs at mindrot.org
Reporter: i at f2light.com
DEFAULT ALGORITHMs in man pages of ssh_config(5) and sshd_config(5)
differ with what openssh actually take.
NOTE: the following diff-style sections have the last algorithm ends
with ",". It's only for getting pretty diff result.
KEX_SERVER_MAC: sshd_config(5) didn't tell me hmac-sha1-etm at openssh.com
and hman-sha1 is taken by default.
--- DOCUMENT_SERVER_MAC
+++ CODE_SERVER_MAC
umac-64-etm at openssh.com,
umac-128-etm at openssh.com,
hmac-sha2-256-etm at openssh.com,
hmac-sha2-512-etm at openssh.com,
+hmac-sha1-etm at openssh.com,
umac-64 at openssh.com,
umac-128 at openssh.com,
hmac-sha2-256,
hmac-sha2-512,
+hmac-sha1,
KEX_CLIENT_ENCRYPT: rijndael-cbc at lysator.liu.se is missing in
ssh_config(5).
--- DOCUMENT_CLIENT_ENCRYPT
+++ CODE_CLIENT_ENCRYPT
chacha20-poly1305 at openssh.com,
aes128-ctr,
aes192-ctr,
aes256-ctr,
aes128-gcm at openssh.com,
aes256-gcm at openssh.com,
arcfour256,
arcfour128,
aes128-cbc,
3des-cbc,
blowfish-cbc,
cast128-cbc,
aes192-cbc,
aes256-cbc,
arcfour,
+rijndael-cbc at lysator.liu.se,
KEX_CLIENT_MAC: hmac-sha1 series has higher priority than them in
ssh_config(5), and hmac-ripemd160 at openssh.com is removed. (Probably
it's just an alias to hmac-ripemd160?)
--- DOCUMENT_CLIENT_MAC
+++ CODE_CLIENT_MAC
umac-64-etm at openssh.com,
umac-128-etm at openssh.com,
hmac-sha2-256-etm at openssh.com,
hmac-sha2-512-etm at openssh.com,
+hmac-sha1-etm at openssh.com,
umac-64 at openssh.com,
umac-128 at openssh.com,
hmac-sha2-256,
hmac-sha2-512,
+hmac-sha1,
hmac-md5-etm at openssh.com,
-hmac-sha1-etm at openssh.com,
hmac-ripemd160-etm at openssh.com,
hmac-sha1-96-etm at openssh.com,
hmac-md5-96-etm at openssh.com,
hmac-md5,
-hmac-sha1,
hmac-ripemd160,
-hmac-ripemd160 at openssh.com,
hmac-sha1-96,
hmac-md5-96,
P.S.: KEX_SERVER_KEX, KEX_CLIENT_KEX, KEX_DEFAULT_PK_ALG,
KEX_SERVER_ENCRYPT are correct.
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list