[openssh-commits] [openssh] 01/03: upstream: Turn off finite field (a.k.a modp) Diffie-Hellman key

git+noreply at mindrot.org git+noreply at mindrot.org
Mon Oct 14 09:21:13 AEDT 2024


This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 0051381a8c33740a77a1eca6859efa1c78887d80
Author: djm at openbsd.org <djm at openbsd.org>
AuthorDate: Sun Oct 6 23:37:17 2024 +0000

    upstream: Turn off finite field (a.k.a modp) Diffie-Hellman key
    
    exchange in sshd by default. Specifically, this removes the
    diffie-hellman-group* and diffie-hellman-group-exchange-* methods. The client
    is unchanged and continues to support these methods by default.
    
    Finite field Diffie Hellman is slow and computationally expensive for
    the same security level as Elliptic Curve DH or PQ key agreement while
    offering no redeeming advantages.
    
    ECDH has been specified for the SSH protocol for 15 years and some
    form of ECDH has been the default key exchange in OpenSSH for the last
    14 years.
    
    ok markus@
    
    OpenBSD-Commit-ID: 4e238ad480a33312667cc10ae0eb6393abaec8da
---
 myproposal.h  | 8 ++++----
 sshd_config.5 | 9 +++------
 2 files changed, 7 insertions(+), 10 deletions(-)

diff --git a/myproposal.h b/myproposal.h
index 3bdc2e95..c1459054 100644
--- a/myproposal.h
+++ b/myproposal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: myproposal.h,v 1.73 2024/09/09 02:39:57 djm Exp $ */
+/* $OpenBSD: myproposal.h,v 1.74 2024/10/06 23:37:17 djm Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -32,14 +32,14 @@
 	"curve25519-sha256 at libssh.org," \
 	"ecdh-sha2-nistp256," \
 	"ecdh-sha2-nistp384," \
-	"ecdh-sha2-nistp521," \
+	"ecdh-sha2-nistp521" \
+
+#define KEX_CLIENT_KEX KEX_SERVER_KEX "," \
 	"diffie-hellman-group-exchange-sha256," \
 	"diffie-hellman-group16-sha512," \
 	"diffie-hellman-group18-sha512," \
 	"diffie-hellman-group14-sha256"
 
-#define KEX_CLIENT_KEX KEX_SERVER_KEX
-
 #define	KEX_DEFAULT_PK_ALG	\
 	"ssh-ed25519-cert-v01 at openssh.com," \
 	"ecdsa-sha2-nistp256-cert-v01 at openssh.com," \
diff --git a/sshd_config.5 b/sshd_config.5
index dbed44f2..6e12fbe2 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.374 2024/09/15 08:27:38 jmc Exp $
-.Dd $Mdocdate: September 15 2024 $
+.\" $OpenBSD: sshd_config.5,v 1.375 2024/10/06 23:37:17 djm Exp $
+.Dd $Mdocdate: October 6 2024 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -1062,10 +1062,7 @@ The default is:
 sntrup761x25519-sha512,sntrup761x25519-sha512 at openssh.com,
 mlkem768x25519-sha256,
 curve25519-sha256,curve25519-sha256 at libssh.org,
-ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
-diffie-hellman-group-exchange-sha256,
-diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,
-diffie-hellman-group14-sha256
+ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
 .Ed
 .Pp
 The list of supported key exchange algorithms may also be obtained using
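Review bot: Missing documentation in the `@@ -1062` hunk: the four diffie-hellman-* entries are dropped from the documented default with no accompanying sentence for administrators. The commit message says these methods are only turned off by default in sshd and that the client still offers them, so the manual page should say the same. Suggest adding a short paragraph after the `.Ed` noting that the finite field methods are no longer enabled by default and must be listed explicitly if the server has to accept peers that support nothing else.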

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

