[Bug 3878] New: WarnWeakCrypto for non-PQ keys is suppressed if KexAlgorithms option is used
    bugzilla-daemon at mindrot.org
    Thu Oct  9 03:53:45 AEDT 2025

https://bugzilla.mindrot.org/show_bug.cgi?id=3878
            Bug ID: 3878
           Summary: WarnWeakCrypto for non-PQ keys is suppressed if
                    KexAlgorithms option is used
           Product: Portable OpenSSH
           Version: 10.1p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: pducklin at outlook.com

The new non-post-quantum crypto warning in sshconnect.c is
automatically suppressed if 'KexAlgorithms' is explicitly tweaked by
the user, even if the choices include a post-quantum-safe algorithm
that is not selected.

I suggest that this warning should always appear by default, and
explicitly turning off 'WarnWeakCrypto' should be required to suppress
it.

This would make any inadvertent ongoing use of non-post-quantum key
exchanges more obvious.

If this is not practicable, the ssh_config notes about the new warning
could be updated to say, "Be aware that if the 'KexAlgorithms' option
is used, this warning will not appear even if a non-post-quantum
algorithm is ultimately chosen and 'WarnWeakCrypto' is on."

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
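
A check that does not depend on the warning, as an added example (not part of the bug report or of OpenSSH's code): it reads `ssh -v` output and reports whether the negotiated key exchange is a post-quantum hybrid. It assumes the `debug1: kex: algorithm:` line that verbose mode prints and treats names starting with `mlkem768x25519-` or `sntrup761x25519-` as post-quantum; the function names and the sample logs are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the key exchange negotiated in `ssh -v` output,
# so a non-PQ choice is visible even when no warning is printed.
# Assumption: verbose mode logs "debug1: kex: algorithm: <name>".

# Print the first negotiated KEX name found in a verbose log on stdin.
# Carriage returns are stripped in case log lines end in CR LF.
kex_from_log() {
    tr -d '\r' |
        sed -n 's/^debug1: kex: algorithm: \([^ ]*\).*$/\1/p' |
        head -n 1
}

# Return 0 if the name is a post-quantum hybrid KEX, 1 otherwise.
is_pq_kex() {
    case "$1" in
        mlkem768x25519-*|sntrup761x25519-*) return 0 ;;
        *) return 1 ;;
    esac
}

# Read a verbose log on stdin and print a one-line verdict.
# Exit status: 0 = post-quantum, 1 = non-PQ, 2 = no kex line found.
check_kex_log() {
    kex=$(kex_from_log)
    if [ -z "$kex" ]; then
        echo "UNKNOWN no kex line in log"
        return 2
    fi
    if is_pq_kex "$kex"; then
        echo "OK $kex"
        return 0
    fi
    echo "NON-PQ $kex"
    return 1
}

# Constructed sample logs (not captured from a real session).
SAMPLE_PQ='debug1: SSH2_MSG_KEXINIT sent
debug1: kex: algorithm: mlkem768x25519-sha256
debug1: kex: host key algorithm: ssh-ed25519'
SAMPLE_CLASSIC=$(printf 'debug1: SSH2_MSG_KEXINIT sent\r\ndebug1: kex: algorithm: curve25519-sha256\r\ndebug1: kex: host key algorithm: ssh-ed25519\r')

# Usage against a real host (placeholder name):
#   ssh -v host.example true 2>&1 | check_kex_log
```

Running this with the same `KexAlgorithms` setting used in production shows which algorithm the setting actually selects for each server.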