[Bug 2680] Regression in server-sig-algs offer in 7.4p1 (Deprecation of SHA1 is not being enforced)

bugzilla-daemon at bugzilla.mindrot.org
Fri Jul 21 22:24:17 AEST 2017


https://bugzilla.mindrot.org/show_bug.cgi?id=2680

Jakub Jelen <jjelen at redhat.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |RESOLVED
         Resolution|---                         |FIXED

--- Comment #9 from Jakub Jelen <jjelen at redhat.com> ---
(In reply to Damien Miller from comment #7)
> (In reply to Jakub Jelen from comment #6)
> > Although the patch looks reasonable and I considered it as a
> > resolved issue, it is not as the current master (openssh 7.5) still
> > reports:
> > 
> > debug1: kex_input_ext_info:
> > server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,null>
> 
> That's AFAIK what it's supposed to be, excepting the "null" at the
> end of the list - where does that come from?

That is gssapi key exchange. Sorry for the confusion.

> > The correct list:
> > 
> > debug1: kex_input_ext_info:
> > server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
> 
> Doesn't list non-RSA signature algorithms. Per
> https://tools.ietf.org/html/draft-ietf-curdle-ssh-ext-info-10 :
> 
> > This extension is sent by the server, and contains a list of public
> > key algorithms that the server is able to process as part of a
> > "publickey" authentication request.
> 
> That doesn't limit the contents to just new signature algorithms.

Ok. So it was a change from the initial implementation. Thanks for the
clarification. But I am wondering what is the point of listing all
the algorithms that are already defined by the standard in the extension.
They are ignored by OpenSSH at least.

> We don't currently provide a knob to disable SHA1 signatures, but
> feel free to file another bug to request it and I'll try to get it
> done before 7.6.

I will do so if it is time already (it was not some time ago).

> Though there is at least one error in the contents of server-sig-algs:
> we shouldn't offer ssh-dss when we're unwilling to offer a ssh-dss
> hostkey (true by default).

That is one of the reasons I think it is bogus to list all supported
pkalgs, when they are already negotiated.

Closing again, since it looks like it is correct according to the
draft. I will file separate bugs for the other issues.

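An added example, not part of the thread or of OpenSSH: a small Python check that extracts the server-sig-algs list from `ssh -v` debug output like the lines quoted above and separates the SHA-1 based names (ssh-rsa, ssh-dss) from the rest. The function names and sample strings are constructed for illustration, and the debug line is assumed to be unwrapped, as the client prints it.

```python
import re

# Public key algorithms named in this thread whose signatures use SHA-1
# (ssh-rsa and ssh-dss, as defined in RFC 4253).
SHA1_SIG_ALGS = {"ssh-rsa", "ssh-dss"}

# Matches the name-list that `ssh -v` prints for the extension.
SIG_ALGS_RE = re.compile(r"kex_input_ext_info:\s*server-sig-algs=<([^>]*)>")


def parse_server_sig_algs(debug_output):
    """Return the advertised algorithm names, or None when the extension
    does not appear in the debug output at all."""
    match = SIG_ALGS_RE.search(debug_output)
    if match is None:
        return None
    # An empty name-list yields [], not [""].
    return [name for name in match.group(1).split(",") if name]


def audit_server_sig_algs(debug_output):
    """Split the advertised list into SHA-1 based and other entries."""
    algs = parse_server_sig_algs(debug_output)
    if algs is None:
        return None
    return {
        "sha1": [a for a in algs if a in SHA1_SIG_ALGS],
        "other": [a for a in algs if a not in SHA1_SIG_ALGS],
    }


# Constructed samples: the two lists quoted in the thread, unwrapped.
SAMPLE_FULL = (
    "debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,"
    "rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,"
    "ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,null>\n"
)
SAMPLE_RSA_SHA2_ONLY = (
    "debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>\n"
)

if __name__ == "__main__":
    for label, text in (("full", SAMPLE_FULL), ("sha2-only", SAMPLE_RSA_SHA2_ONLY)):
        print(label, audit_server_sig_algs(text))
```

Entries the check does not recognise, such as the "null" name that comment #9 attributes to gssapi key exchange, land in the "other" bucket rather than being dropped.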