[Bug 2929] OpenSSH server should not send the SSH_MSG_EXT_INFO message after rekeying
bugzilla-daemon at bugzilla.mindrot.org
Wed Nov 14 21:24:45 AEDT 2018
https://bugzilla.mindrot.org/show_bug.cgi?id=2929
Darren Tucker <dtucker at dtucker.net> changed:
What            Removed         Added
----------------------------------------------------------------------------
CC                              dtucker at dtucker.net
--- Comment #1 from Darren Tucker <dtucker at dtucker.net> ---
(In reply to Jakub Jelen from comment #0)
> The RFC 8308 specifies, that the SSH_MSG_EXT_INFO message should be
> sent after the *first* SSH_MSG_NEWKEYS message, while the OpenSSH
> server sends it also after the rekey:
>
> > o As the next packet following the server's first SSH_MSG_NEWKEYS.
Under what conditions does the server send SSH_MSG_EXT_INFO a second
time? The client removes it from the proposal once sent:
sshconnect2.c:().

    /* remove ext-info from the KEX proposals for rekeying */
    myproposal[PROPOSAL_KEX_ALGS] =
        compat_kex_proposal(options.kex_algorithms);

and kex.c sets the handler to return an error after the first instance:
kex.c:kex_input_ext_info():

    debug("SSH2_MSG_EXT_INFO received");
    ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &kex_protocol_error);

even removing that dispatch_set on the client side I can only see a
single SSH2_MSG_EXT_INFO received on the client side.
> Side note:
> The draft-ssh-ext-info-04 from [1] is already RFC [2], so the page
> could make use of an update. Also the draft-rsa-dsa-sha2-256-03 is
> already RFC [3].
>
> [1] http://www.openssh.com/specs.html
> [2] https://tools.ietf.org/html/rfc8308
> [3] https://tools.ietf.org/html/rfc8332
Fixed those, thanks. I periodically check them but don't always catch
status changes.
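A small model of the client-side guard Darren describes, added here as an illustrative example in Python; it is not OpenSSH code. It shows the three pieces together: the client advertises "ext-info-c" only in its first KEX proposal and strips it for rekeying, the SSH_MSG_EXT_INFO handler is armed only after the first SSH_MSG_NEWKEYS, and it is disarmed again once one EXT_INFO has been consumed, so an EXT_INFO arriving after a rekey is treated as a protocol error. Message numbers follow RFC 4253 and RFC 8308 and the EXT_INFO wire format (uint32 count, then name/value string pairs) is RFC 8308 section 2.3; the ExtInfoClient class, the simulate() driver and the sample server-sig-algs value are constructed for this example.

```python
import struct

SSH2_MSG_EXT_INFO = 7      # RFC 8308, section 2.3
SSH2_MSG_NEWKEYS = 21      # RFC 4253, section 12
EXT_INFO_C = "ext-info-c"  # client indicator name, RFC 8308, section 2.1


class ProtocolError(Exception):
    """Raised where OpenSSH's kex_protocol_error() handler would fire."""


def build_ext_info(extensions):
    """Encode an SSH_MSG_EXT_INFO payload (without the message byte):
    uint32 nr-extensions, then (string name, string value) pairs."""
    out = struct.pack(">I", len(extensions))
    for name, value in extensions.items():
        for s in (name.encode("ascii"), value):
            out += struct.pack(">I", len(s)) + s
    return out


def parse_ext_info(payload):
    """Decode an SSH_MSG_EXT_INFO payload; truncated or trailing data is an error."""
    pos = 0

    def read_uint32():
        nonlocal pos
        if pos + 4 > len(payload):
            raise ProtocolError("truncated SSH_MSG_EXT_INFO")
        (n,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        return n

    def read_string():
        nonlocal pos
        n = read_uint32()
        if pos + n > len(payload):
            raise ProtocolError("truncated SSH_MSG_EXT_INFO")
        s = payload[pos:pos + n]
        pos += n
        return s

    exts = {}
    for _ in range(read_uint32()):
        name = read_string().decode("ascii")
        exts[name] = read_string()
    if pos != len(payload):
        raise ProtocolError("trailing bytes in SSH_MSG_EXT_INFO")
    return exts


class ExtInfoClient:
    """Hypothetical client transport: a dispatch table keyed by message type,
    mirroring the arm/disarm pattern rather than any real OpenSSH API."""

    def __init__(self, kex_algorithms):
        self.kex_algorithms = list(kex_algorithms)
        self.newkeys_seen = 0
        self.extensions = {}
        # EXT_INFO is a protocol error until the first NEWKEYS has been received.
        self.dispatch = {
            SSH2_MSG_NEWKEYS: self._input_newkeys,
            SSH2_MSG_EXT_INFO: self._protocol_error,
        }

    def kex_proposal(self):
        """Only the initial KEX proposal carries ext-info-c; rekeys omit it."""
        if self.newkeys_seen == 0:
            return self.kex_algorithms + [EXT_INFO_C]
        return [a for a in self.kex_algorithms if a != EXT_INFO_C]

    def _input_newkeys(self, payload):
        self.newkeys_seen += 1
        if self.newkeys_seen == 1:
            # Arm the handler: the very next packet may be EXT_INFO (RFC 8308).
            self.dispatch[SSH2_MSG_EXT_INFO] = self._input_ext_info

    def _input_ext_info(self, payload):
        self.extensions.update(parse_ext_info(payload))
        # Disarm: any further EXT_INFO, e.g. after a rekey, is a protocol error.
        self.dispatch[SSH2_MSG_EXT_INFO] = self._protocol_error

    def _protocol_error(self, payload):
        raise ProtocolError("unexpected message")

    def receive(self, msg_type, payload=b""):
        self.dispatch.get(msg_type, self._protocol_error)(payload)


def simulate(server_repeats_ext_info_after_rekey):
    """Drive one session: initial KEX, EXT_INFO, rekey, optional second EXT_INFO.
    Returns (first proposal, rekey proposal, extensions learned, error or None)."""
    client = ExtInfoClient(["curve25519-sha256"])
    first = client.kex_proposal()
    client.receive(SSH2_MSG_NEWKEYS)
    # Constructed sample server-sig-algs advertisement.
    client.receive(SSH2_MSG_EXT_INFO,
                   build_ext_info({"server-sig-algs": b"rsa-sha2-256,rsa-sha2-512"}))
    rekey = client.kex_proposal()
    client.receive(SSH2_MSG_NEWKEYS)
    error = None
    if server_repeats_ext_info_after_rekey:
        try:
            client.receive(SSH2_MSG_EXT_INFO, build_ext_info({"server-sig-algs": b"ssh-ed25519"}))
        except ProtocolError as e:
            error = str(e)
    return first, rekey, client.extensions, error
```

Running simulate(True) shows the first proposal ending in "ext-info-c", the rekey proposal without it, the extensions dictionary holding only the first advertisement, and a protocol error for the repeated EXT_INFO; simulate(False) completes with no error.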