[Bug 2680] Regression in server-sig-algs offer in 7.4p1 (Deprecation of SHA1 is not being enforced)
bugzilla-daemon at bugzilla.mindrot.org
Fri Jul 21 22:24:17 AEST 2017
https://bugzilla.mindrot.org/show_bug.cgi?id=2680
Jakub Jelen <jjelen at redhat.com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |RESOLVED
         Resolution|---                         |FIXED
--- Comment #9 from Jakub Jelen <jjelen at redhat.com> ---
(In reply to Damien Miller from comment #7)
> (In reply to Jakub Jelen from comment #6)
> > Although the patch looks reasonable and I considered it as a
> > resolved issue, it is not as the current master (openssh 7.5) still
> > reports:
> >
> > debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,null>
>
> That's AFAIK what it's supposed to be, excepting the "null" at the
> end of the list - where does that come from?
That is gssapi key exchange. Sorry for the confusion.
> > The correct list:
> >
> > debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
>
> Doesn't list non-RSA signature algorithms. Per
> https://tools.ietf.org/html/draft-ietf-curdle-ssh-ext-info-10 :
>
> > This extension is sent by the server, and contains a list of public
> > key algorithms that the server is able to process as part of a
> > "publickey" authentication request.
>
> That doesn't limit the contents to just new signature algorithms.
OK. So it was a change from the initial implementation. Thanks for the
clarification. But I am wondering what the point is of listing all
the algorithms that are already defined by the standard in the extension.
They are ignored by OpenSSH at least.
> We don't currently provide a knob to disable SHA1 signatures, but
> feel free to file another bug to request it and I'll try to get it
> done before 7.6.
I will do so if it is time already (it was not some time ago).
> Though there is at least one error in the contents of server-sig-algs:
> we shouldn't offer ssh-dss when we're unwilling to offer a ssh-dss
> hostkey (true by default).
That is one of the things why I think it is bogus to list all supported
pkalgs, when they are already negotiated.
Closing again, since it looks like it is correct according to the
draft. I will file separate bugs for the other issues.
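The following is an added example, not part of the original bug comment or of OpenSSH: it reads a `kex_input_ext_info` debug line like the ones quoted above (including the mail-wrapped form) and reports which advertised `server-sig-algs` entries sign with SHA-1. The names `SIG_HASH`, `parse_server_sig_algs` and `audit` are hypothetical, and the sample text is constructed from the lists quoted in this thread.

```python
import re

# Hash used by each signature algorithm name
# (RFC 4253, RFC 5656, RFC 8332, RFC 8709). Hypothetical helper table.
SIG_HASH = {
    "ssh-rsa": "sha1",
    "ssh-dss": "sha1",
    "rsa-sha2-256": "sha256",
    "rsa-sha2-512": "sha512",
    "ecdsa-sha2-nistp256": "sha256",
    "ecdsa-sha2-nistp384": "sha384",
    "ecdsa-sha2-nistp521": "sha512",
    "ssh-ed25519": "sha512",
}

EXT_RE = re.compile(r"server-sig-algs=<([^>]*)>")

def parse_server_sig_algs(debug_output):
    """Return the advertised list from `ssh -v` output, or None if absent."""
    # Mail clients wrap the long list and prefix quote markers; remove line
    # breaks and leading '>' so "ssh-\n> > dss" is read back as "ssh-dss".
    joined = re.sub(r"\s*\n[>\s]*", "", debug_output)
    m = EXT_RE.search(joined)
    if m is None:
        return None
    return [name for name in m.group(1).split(",") if name]

def audit(algs):
    """Group advertised names by hash family; unknown names are kept visible."""
    report = {"sha1": [], "sha2": [], "unknown": []}
    for name in algs:
        digest = SIG_HASH.get(name)
        if digest is None:
            report["unknown"].append(name)
        elif digest == "sha1":
            report["sha1"].append(name)
        else:
            report["sha2"].append(name)
    return report

# Constructed sample: the list reported in comment #6, wrapped as in the mail.
SAMPLE = """\
> > debug1: kex_input_ext_info:
> > server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-
> > dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,null>
"""

if __name__ == "__main__":
    print(audit(parse_server_sig_algs(SAMPLE)))
```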