[Bug 3878] WarnWeakCrypto for non-PQ keys is suppressed if KexAlgorithms option is used
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Fri Oct 10 00:13:34 AEDT 2025
https://bugzilla.mindrot.org/show_bug.cgi?id=3878
--- Comment #2 from Duck <pducklin at outlook.com> ---
TBH, a command line option that explicitly and compactly lists all
crypto algorithms chosen for use once the connection is established
would be good.
You can figure out what happened with -vv or -vvv, but it's a bit of a
messy and error-prone way to do it.
Encouraging (or at least making it easy for) people to check their
actual crypto usage from time to time is a great way of promoting
strong crypto and crypto agility.
Not much point in WarnWeakCrypto if there is no simple and standard way
to check the details behind the warning and thereby fix the problem
solidly :-)
My 2c.
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
More information about the openssh-bugs
mailing list