3des cipher and DH group size
Hubert Kario
hkario at redhat.com
Sat Feb 15 02:37:36 EST 2014
----- Original Message -----
> From: "Damien Miller" <djm at mindrot.org>
> To: "Scott Neugroschl" <scott_n at xypro.com>
> Cc: "mancha" <mancha1 at hush.com>, openssh-unix-dev at mindrot.org
> Sent: Friday, 14 February, 2014 1:10:17 AM
> Subject: RE: 3des cipher and DH group size
>
> On Thu, 13 Feb 2014, Scott Neugroschl wrote:
>
> > >Hubert Kario <hkario <at> redhat.com> writes:
> > >
> > >> [SNIP]
> > >
> > >3. OpenSSH primitives should be confined to ensure interoperability
> > > with implementations that are RFC non-compliant (e.g. cryptlib &
> > > DH GEX & RFC 4419).
> > >
> > >What's the point of standards then?
> >
> > Maybe a ssh_config option for DH GEX group size, so that people like
> > Hubert can configure SSH for such implementations?
While not ideal, it would provide at least some workaround not requiring
recompilation of ssh.
>
> You can do this now by editing /etc/ssh/moduli
Why should I edit a system-wide config file when I want to connect
to one specific server?!
>
> Also KexAlgorithms=diffie-hellman-group14-sha1
not supported by the server
--
Regards,
Hubert Kario
BaseOS QE Security team
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic