KEX graceful failure
Georgi Chulkov
g.chulkov at jacobs-university.de
Sat Jun 28 23:18:26 EST 2008
Dear all,

I am currently implementing an experimental key exchange (KEX) algorithm.
Unlike current algorithms like DH, mine needs to be able to fail gracefully,
and in case of failure, continue with whatever algorithm would have been
negotiated if mine was not selected.

My strategy for graceful failure is to remove my KEX algorithm from
myproposal[KEX_DEFAULT_KEX] and to initiate a new key exchange.

My question is whether it is safe (and a good idea) to simply call do_ssh2_kex
(server) / ssh2_kex (client) in order to do another exchange, and whether
there are any negative consequences of doing so (e.g. security or
reliability).

Thanks!
Georgi
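The fallback described in the message, modelled as an added example (not code from the original post or from OpenSSH): a simplified form of the RFC 4253 rule picks the first name on the client's list that the server also lists, so once the experimental name is removed a second negotiation selects what would have been chosen without it. The helpers `negotiate` and `remove_alg`, the name `exp-kex@example.org`, and the assumption that both sides drop the failed algorithm are hypothetical; the sketch does not model re-entering `do_ssh2_kex` / `ssh2_kex`.

```c
#include <stdio.h>
#include <string.h>

/* 1 if the n-byte name is an entry of the comma-separated name-list. */
static int in_list(const char *list, const char *name, size_t n) {
    for (size_t len; *list; list += len + (list[len] == ',')) {
        len = strcspn(list, ",");
        if (len == n && memcmp(list, name, n) == 0)
            return 1;
    }
    return 0;
}

/* Simplified RFC 4253 rule: first client name that the server also lists. */
int negotiate(const char *client, const char *server, char *out, size_t outlen) {
    for (size_t len; *client; client += len + (client[len] == ',')) {
        len = strcspn(client, ",");
        if (len > 0 && len < outlen && in_list(server, client, len)) {
            snprintf(out, outlen, "%.*s", (int)len, client);
            return 0;
        }
    }
    return -1; /* no common algorithm left */
}

/* Drop every occurrence of name from the name-list, in place. */
void remove_alg(char *list, const char *name) {
    size_t n = strlen(name), len;
    char *dst = list;
    for (char *src = list; *src; src += len + (src[len] == ',')) {
        len = strcspn(src, ",");
        if (len == n && memcmp(src, name, n) == 0)
            continue; /* skip the failed algorithm */
        if (dst != list)
            *dst++ = ',';
        dst = (char *)memmove(dst, src, len) + len;
    }
    *dst = '\0';
}

int main(void) {
    /* Constructed proposals; exp-kex@example.org is a hypothetical name. */
    char c[] = "exp-kex@example.org,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1";
    char s[] = "diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,exp-kex@example.org";
    char alg[64];
    printf("first:    %s\n", negotiate(c, s, alg, sizeof alg) ? "(none)" : alg);
    remove_alg(c, "exp-kex@example.org"); /* assumed: each side drops the failed KEX */
    remove_alg(s, "exp-kex@example.org");
    printf("fallback: %s\n", negotiate(c, s, alg, sizeof alg) ? "(none)" : alg);
    return 0;
}
```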