[Bug 3878] New: WarnWeakCrypto for non-PQ keys is suppressed if KexAlgorithms option is used

bugzilla-daemon at mindrot.org
Thu Oct 9 03:53:45 AEDT 2025


https://bugzilla.mindrot.org/show_bug.cgi?id=3878

            Bug ID: 3878
           Summary: WarnWeakCrypto for non-PQ keys is suppressed if
                    KexAlgorithms option is used
           Product: Portable OpenSSH
           Version: 10.1p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: pducklin at outlook.com

The new non-post-quantum crypto warning in sshconnect.c is
automatically suppressed if 'KexAlgorithms' is explicitly tweaked by
the user, even if the choices include a post-quantum-safe algorithm
that is not selected.

I suggest that this warning should always appear by default, and
explicitly turning off 'WarnWeakCrypto' should be required to suppress
it.

This would make any inadvertent ongoing use of non-post-quantum key
exchanges more obvious.

If this is not practicable, the ssh_config notes about the new warning
could be updated to say, "Be aware that if the 'KexAlgorithms' option
is used, this warning will not appear even if a non-post-quantum
algorithm is ultimately chosen and 'WarnWeakCrypto' is on."

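Because the warning described in this report can be absent when 'KexAlgorithms' is set, the negotiated key exchange can be checked independently from the client's verbose output. The following is an added example, not part of the bug report or of OpenSSH: the function names and sample logs are constructed for illustration, and the list of post-quantum names is an assumption that must be kept in step with the OpenSSH version in use.

```shell
#!/bin/sh
# Classify the key exchange an ssh client actually negotiated, using the
# "debug1: kex: algorithm:" line that `ssh -v` writes to stderr.
# Typical use:  ssh -v host true 2>&1 | audit_kex_log

# Assumed list of post-quantum hybrid KEX names; anything else is non-PQ.
is_pq_kex() {
    case "$1" in
        mlkem768x25519-sha256|sntrup761x25519-sha512|sntrup761x25519-sha512@openssh.com)
            return 0 ;;
        *)
            return 1 ;;
    esac
}

# Read verbose ssh output on stdin and print the negotiated KEX name.
# The "host key algorithm" line does not match this pattern.
negotiated_kex() {
    sed -n 's/^debug1: kex: algorithm: \(.*\)$/\1/p' | tr -d '\r' | head -n 1
}

# Print "PQ <name>", "NON-PQ <name>" or "UNKNOWN".
# Exit status: 0 = PQ, 1 = non-PQ, 2 = no KEX line found.
audit_kex_log() {
    kex=$(negotiated_kex)
    if [ -z "$kex" ]; then
        echo "UNKNOWN"
        return 2
    fi
    if is_pq_kex "$kex"; then
        echo "PQ $kex"
    else
        echo "NON-PQ $kex"
        return 1
    fi
}

# Constructed sample logs (not captured from a real session).
sample_log_classical() { cat <<'EOF'
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
EOF
}
sample_log_pq() { cat <<'EOF'
debug1: kex: algorithm: mlkem768x25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
EOF
}

sample_log_classical | audit_kex_log || true
sample_log_pq | audit_kex_log || true
```

The non-zero exit status for a non-PQ result lets the check fail a wrapper script or CI job even when the client itself prints no warning.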