[openssh-commits] [openssh] branch master updated (67a115e7 -> fe6c6330)

git+noreply at mindrot.org git+noreply at mindrot.org
Mon Oct 14 09:21:12 AEDT 2024


This is an automated email from the git hooks/post-receive script.

djm pushed a change to branch master
in repository openssh.

    from 67a115e7 upstream: fix previous change to ssh_config Match, which broken on
     new 0051381a upstream: Turn off finite field (a.k.a modp) Diffie-Hellman key
     new 538cd285 upstream: remove duplicate misc.h include ok dtucker@
     new fe6c6330 upstream: don't start the ObscureKeystrokeTiming mitigations if

The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Detailed log of new commits:

commit fe6c6330c1a94c7a537efe9069853ce7a275c50a
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Sun Oct 13 22:20:06 2024 +0000

    upstream: don't start the ObscureKeystrokeTiming mitigations if
    
    there has been traffic on a X11 forwarding channel recently.
    
    Should fix X11 forwarding performance problems when this setting is
    enabled. Patch from Antonio Larrosa via bz3655
    
    OpenBSD-Commit-ID: 820284a92eb4592fcd3d181a62c1b86b08a4a7ab

commit 538cd28598ae942c94b99855b06fdd937e2e7381
Author: jsg at openbsd.org <jsg at openbsd.org>
Date:   Sat Oct 12 10:50:37 2024 +0000

    upstream: remove duplicate misc.h include ok dtucker@
    
    OpenBSD-Commit-ID: fdd056e7854294834d54632b4282b877cfe4c12e

commit 0051381a8c33740a77a1eca6859efa1c78887d80
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Sun Oct 6 23:37:17 2024 +0000

    upstream: Turn off finite field (a.k.a modp) Diffie-Hellman key
    
    exchange in sshd by default. Specifically, this removes the
    diffie-hellman-group* and diffie-hellman-group-exchange-* methods. The client
    is unchanged and continues to support these methods by default.
    
    Finite field Diffie Hellman is slow and computationally expensive for
    the same security level as Elliptic Curve DH or PQ key agreement while
    offering no redeeming advantages.
    
    ECDH has been specified for the SSH protocol for 15 years and some
    form of ECDH has been the default key exchange in OpenSSH for the last
    14 years.
    
    ok markus@
    
    OpenBSD-Commit-ID: 4e238ad480a33312667cc10ae0eb6393abaec8da

Summary of changes:
 channels.c    | 21 ++++++++++++++++++++-
 channels.h    |  3 ++-
 clientloop.c  |  7 ++++---
 mux.c         |  3 +--
 myproposal.h  |  8 ++++----
 sshd_config.5 |  9 +++------
 6 files changed, 34 insertions(+), 17 deletions(-)

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.


More information about the openssh-commits mailing list