[Bug 3878] New: WarnWeakCrypto for non-PQ keys is suppressed if KexAlgorithms option is used
bugzilla-daemon at mindrot.org
Thu Oct 9 03:53:45 AEDT 2025
https://bugzilla.mindrot.org/show_bug.cgi?id=3878
Bug ID: 3878
Summary: WarnWeakCrypto for non-PQ keys is suppressed if KexAlgorithms option is used
Product: Portable OpenSSH
Version: 10.1p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: pducklin at outlook.com

The new non-post-quantum crypto warning in sshconnect.c is
automatically suppressed if 'KexAlgorithms' is explicitly tweaked by
the user, even if the choices include a post-quantum-safe algorithm
that is not selected.

I suggest that this warning should always appear by default, and
explicitly turning off 'WarnWeakCrypto' should be required to suppress
it.

This would make any inadvertent ongoing use of non-post-quantum key
exchanges more obvious.

If this is not practicable, the ssh_config notes about the new warning
could be updated to say, "Be aware that if the 'KexAlgorithms' option
is used, this warning will not appear even if a non-post-quantum
algorithm is ultimately chosen and 'WarnWeakCrypto' is on."
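
Added example, not part of the bug report and not OpenSSH code: a check that reads the key exchange actually negotiated from `ssh -v` output, so a non-post-quantum exchange is flagged whether or not the client printed its own warning. The function names, the PQ_KEX list and the reliance on the "kex: algorithm:" debug line are assumptions of this example.

```shell
#!/bin/sh
# Added example. Post-quantum hybrid KEX names known to this script
# (assumed list; extend it to match the OpenSSH release you run).
PQ_KEX='mlkem768x25519-sha256 sntrup761x25519-sha512 sntrup761x25519-sha512@openssh.com'

# kex_is_pq NAME: succeed only if NAME is in PQ_KEX.
kex_is_pq() {
    for k in $PQ_KEX; do
        [ "$1" = "$k" ] && return 0
    done
    return 1
}

# negotiated_kex: read `ssh -v` output on stdin, print the negotiated KEX.
# Matches "debugN: kex: algorithm: NAME" only, so the separate
# "kex: host key algorithm:" line is not mistaken for it.
negotiated_kex() {
    sed -n 's/^debug[0-9]*: kex: algorithm: \([^[:space:]]*\).*$/\1/p' | head -n 1
}

# audit_kex: verdict on stdout; returns 0 = post-quantum,
# 1 = not post-quantum, 2 = no negotiated KEX line found.
# Live use: ssh -v user@host true 2>&1 | audit_kex
audit_kex() {
    alg=$(negotiated_kex)
    if [ -z "$alg" ]; then
        echo "UNKNOWN: no negotiated KEX line in input"
        return 2
    fi
    if kex_is_pq "$alg"; then
        echo "OK: $alg"
        return 0
    fi
    echo "NON-PQ: $alg"
    return 1
}

# Constructed sample logs (not captured from a real session).
sample_classical() { cat <<'EOF'
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
EOF
}
sample_pq() { cat <<'EOF'
debug1: kex: algorithm: mlkem768x25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
EOF
}
```

Because the verdict comes from the negotiated algorithm rather than from the client's warning, it is unaffected by whether 'KexAlgorithms' is set in ssh_config.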