[Bug 3839] Is OpenSSH violating RFC4253 section 6

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Tue Jun 17 21:27:28 AEST 2025


https://bugzilla.mindrot.org/show_bug.cgi?id=3839

--- Comment #3 from Damien Miller <djm at mindrot.org> ---
They are not violating RFC4253 because they are different binary packet
protocol specifications that implement their own different rules. The
RFC4253 rules only apply to the original SSH ciphers and MACs.

I don't think there's a general rule that fits every situation.

Implementations that use *-etm@openssh.com MAC algorithms are another
transport case you need to consider. IIRC they are somewhere between
AES-GCM and chachapoly - they send the length in cleartext like AES-GCM
but apply the cipher blocksize only to the padlen+payload+padding.

So four possible cases:

1. *cbc/*ctr ciphers with original RFC4253 MACs (or umac*@openssh.com)
2. *cbc/*ctr ciphers with *-etm@openssh.com MACs (or umac*@openssh.com)
3. aes*-gcm@openssh.com
4. chacha20-poly1305@openssh.com

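The four cases above, worked through as an added example (not part of the bug comment and not OpenSSH's code): how much padding a sender adds and which packet_length values a receiver accepts under each framing. The rules for cases 1 and 2 follow the comment; excluding the length field from alignment in cases 3 and 4, and the block sizes (16 for AES, 8 for chacha20-poly1305), are assumptions taken from those modes' specifications.

```python
from dataclasses import dataclass

LEN_FIELD = 4  # size of the uint32 packet_length field
MIN_PAD = 4    # minimum padding required by RFC 4253 section 6


@dataclass(frozen=True)
class Framing:
    name: str
    block: int            # alignment unit (assumed: 16 for AES, 8 for chachapoly)
    length_aligned: bool  # True: the length field counts toward block alignment
    length_clear: bool    # True: packet_length travels unencrypted


# Keys match the numbered cases in the comment; AES-CTR stands in for *cbc/*ctr.
CASES = {
    1: Framing("aes*-ctr + RFC4253 MAC", 16, True, False),
    2: Framing("aes*-ctr + *-etm@openssh.com MAC", 16, False, True),
    3: Framing("aes*-gcm@openssh.com", 16, False, True),
    4: Framing("chacha20-poly1305@openssh.com", 8, False, False),
}


def padding_length(f: Framing, payload_len: int) -> int:
    """Sender side: padding bytes needed for a payload of payload_len bytes."""
    # Bytes that must land on a block boundary: [length field] + padlen byte + payload.
    covered = (LEN_FIELD if f.length_aligned else 0) + 1 + payload_len
    pad = f.block - covered % f.block
    if pad < MIN_PAD:
        pad += f.block
    return pad


def packet_length(f: Framing, payload_len: int) -> int:
    """Value placed in the packet_length field (excludes the field itself and any MAC/tag)."""
    return 1 + payload_len + padding_length(f, payload_len)


def length_ok(f: Framing, packet_len: int) -> bool:
    """Receiver side: sanity check on a decoded packet_length before reading the body."""
    covered = packet_len + (LEN_FIELD if f.length_aligned else 0)
    return packet_len >= 1 + MIN_PAD and covered % f.block == 0


if __name__ == "__main__":
    for n, f in CASES.items():
        print(n, f.name, "payload=12 ->", packet_length(f, 12))
```

A length that is valid under one framing is rejected under another, which is why a single alignment rule cannot be applied across all four.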