[openssh-commits] [openssh] branch master updated (67a115e7 -> fe6c6330)
git+noreply at mindrot.org
git+noreply at mindrot.org
Mon Oct 14 09:21:12 AEDT 2024
This is an automated email from the git hooks/post-receive script.
djm pushed a change to branch master
in repository openssh.
from 67a115e7 upstream: fix previous change to ssh_config Match, which broken on
new 0051381a upstream: Turn off finite field (a.k.a modp) Diffie-Hellman key
new 538cd285 upstream: remove duplicate misc.h include ok dtucker@
new fe6c6330 upstream: don't start the ObscureKeystrokeTiming mitigations if
The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Detailed log of new commits:
commit fe6c6330c1a94c7a537efe9069853ce7a275c50a
Author: djm at openbsd.org <djm at openbsd.org>
Date: Sun Oct 13 22:20:06 2024 +0000
upstream: don't start the ObscureKeystrokeTiming mitigations if
there has been traffic on a X11 forwarding channel recently.
Should fix X11 forwarding performance problems when this setting is
enabled. Patch from Antonio Larrosa via bz3655
OpenBSD-Commit-ID: 820284a92eb4592fcd3d181a62c1b86b08a4a7ab
commit 538cd28598ae942c94b99855b06fdd937e2e7381
Author: jsg at openbsd.org <jsg at openbsd.org>
Date: Sat Oct 12 10:50:37 2024 +0000
upstream: remove duplicate misc.h include ok dtucker@
OpenBSD-Commit-ID: fdd056e7854294834d54632b4282b877cfe4c12e
commit 0051381a8c33740a77a1eca6859efa1c78887d80
Author: djm at openbsd.org <djm at openbsd.org>
Date: Sun Oct 6 23:37:17 2024 +0000
upstream: Turn off finite field (a.k.a modp) Diffie-Hellman key
exchange in sshd by default. Specifically, this removes the
diffie-hellman-group* and diffie-hellman-group-exchange-* methods. The client
is unchanged and continues to support these methods by default.
Finite field Diffie Hellman is slow and computationally expensive for
the same security level as Elliptic Curve DH or PQ key agreement while
offering no redeeming advantages.
ECDH has been specified for the SSH protocol for 15 years and some
form of ECDH has been the default key exchange in OpenSSH for the last
14 years.
ok markus@
OpenBSD-Commit-ID: 4e238ad480a33312667cc10ae0eb6393abaec8da
Summary of changes:
channels.c | 21 ++++++++++++++++++++-
channels.h | 3 ++-
clientloop.c | 7 ++++---
mux.c | 3 +--
myproposal.h | 8 ++++----
sshd_config.5 | 9 +++------
6 files changed, 34 insertions(+), 17 deletions(-)
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list