[Bug 3322] Switch SSHFP default digest to SHA256
bugzilla-daemon at mindrot.org
Fri Jul 16 23:28:18 AEST 2021
https://bugzilla.mindrot.org/show_bug.cgi?id=3322
--- Comment #4 from Darren Tucker <dtucker at dtucker.net> ---
> I got a (possibly wrong) impression that the default value is used on creation.

Creation of the SSHFP records? It iterates over the available digest
types in export_dns_rr():

    for (dtype = SSHFP_HASH_SHA1; dtype < SSHFP_HASH_MAX; dtype++) {
        rdata_digest_type = dtype;
        if (dns_read_key(&rdata_pubkey_algorithm, &rdata_digest_type,
            &rdata_digest, &rdata_digest_len, key)) {

$ ./ssh-keygen -r fw
fw IN SSHFP 1 1 [...]
fw IN SSHFP 1 2 [...]
fw IN SSHFP 2 1 [...]
fw IN SSHFP 2 2 [...]
fw IN SSHFP 3 1 [...]
fw IN SSHFP 3 2 [...]
fw IN SSHFP 4 1 [...]
fw IN SSHFP 4 2 [...]
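
Added example (not part of the original message and not OpenSSH code): a Python sketch of the same per-digest-type iteration, producing one SSHFP record per digest type from an OpenSSH public key line, plus a check that flags keys published with a SHA-1 fingerprint only. The function names and the sample key are constructed for illustration; the key algorithm and digest type numbers are those assigned for SSHFP in RFC 4255, RFC 6594 and RFC 7479.

```python
import base64, hashlib, struct

# SSHFP key algorithm numbers (RFC 4255, RFC 6594, RFC 7479).
KEY_ALGS = {"ssh-rsa": 1, "ssh-dss": 2, "ssh-ed25519": 4}
# SSHFP digest types: 1 = SHA-1, 2 = SHA-256.
DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256}

def key_alg_number(key_type):
    """Map an OpenSSH key type name to its SSHFP algorithm number."""
    if key_type.startswith("ecdsa-sha2-"):
        return 3
    return KEY_ALGS[key_type]

def sshfp_records(hostname, pubkey_line):
    """Return one SSHFP RR per digest type for an OpenSSH public key line."""
    key_type, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64)
    # The blob begins with a length-prefixed copy of the key type;
    # reject lines whose label does not match the encoded key.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii") != key_type:
        raise ValueError("key type does not match key blob")
    alg = key_alg_number(key_type)
    # The fingerprint is the digest of the whole public key blob.
    return [f"{hostname} IN SSHFP {alg} {dtype} {h(blob).hexdigest()}"
            for dtype, h in sorted(DIGESTS.items())]

def sha1_only(records):
    """Return (host, key algorithm) pairs that have no SHA-256 fingerprint."""
    seen = {}
    for rr in records:
        host, _cls, rtype, alg, dtype, _fp = rr.split()
        if rtype == "SSHFP":
            seen.setdefault((host, int(alg)), set()).add(int(dtype))
    return sorted(k for k, v in seen.items() if 2 not in v)

# Constructed sample: a well-formed ssh-ed25519 blob with dummy key bytes.
_blob = (struct.pack(">I", 11) + b"ssh-ed25519"
         + struct.pack(">I", 32) + bytes(range(32)))
SAMPLE_KEY = "ssh-ed25519 " + base64.b64encode(_blob).decode() + " constructed@example"

if __name__ == "__main__":
    recs = sshfp_records("fw", SAMPLE_KEY)
    print("\n".join(recs))
    # Simulate a zone that carries only the SHA-1 record for this key.
    print("SHA-1 only:", sha1_only(recs[:1]))
```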