[EC]DH KEx and how to restrict ssh/sshd to secure(er) DH parameters

Christoph Anton Mitterer calestyo at scientia.net
Wed Oct 29 07:27:03 EST 2014


Hey.

Since there was no real conclusion on this, neither against nor clearly
in favour, I've opened two tickets for the records:

#2302 (https://bugzilla.mindrot.org/show_bug.cgi?id=2302)
Asking to not fall back to diffie-hellman-group14-sha1 when this was
"explicitly" disabled via the KEX algo preference list of either ssh or
sshd.

#2303 (https://bugzilla.mindrot.org/show_bug.cgi?id=2303)
Asking one to allow to specify the min and max values for DH GEX on the
ssh/libssh side.


I actually tried to write a small patch for #2303,... but while adding a
new config options is quite easy,... correctly feeding min/max values
through all the function calls to kexgex[c|s] seems to bit more tricky
(I guess one would need to add these to the Kex struct and probably this
would also change the ABI of libssh?)


Cheers,
Chris.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5313 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20141028/446754d2/attachment.bin>


More information about the openssh-unix-dev mailing list