DH Group Exchange Fallback

Mark D. Baushke mdb at juniper.net
Mon Sep 25 13:13:57 AEST 2017


I wish to withdraw my suggested patch to dh.c as what OpenSSH is using
for falling back to a value related to the client max is correct for
some flavors of that concept.

That said, I suspect what Joe wants is for the max provided by the
client to be advisory such that the minimum value provided by the moduli
file would be used if the client max is smaller than that value.

That is, if the client sent min=1024,n=1024,max=1025 and the minimum
modulus in the moduli file was min_moduli=3072bits, that the client max
value be ignored in favor of using the MAX(max,min_moduli). In this way,
the administrator that no longer wanted to support 2048 bit group14 for
clients would be able to support a 3072-bit minimum to be sent for the
client.

Is this what you wanted to address, Joe?

I would have no objection to such a patch for OpenSSH.

	-- Mark
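
The difference between a hard and an advisory client max, as an added example that is not part of the original message and is not OpenSSH's dh.c: a simplified model of picking a group size from the sizes present in a moduli file. The function name `pick_group_bits`, the `sample_moduli` list and the preference rule (smallest size >= n, else the largest below it) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample: modulus sizes (bits) in a hypothetical moduli file
 * from which the administrator has removed everything below 3072 bits. */
static const int sample_moduli[] = { 4096, 3072, 8192, 6144 };
#define N_SAMPLE (sizeof(sample_moduli) / sizeof(sample_moduli[0]))

/*
 * Simplified model of group selection for a client request (min, n, max).
 * advisory_max == 0: the client max is a hard upper limit.
 * advisory_max != 0: the upper limit becomes MAX(max, min_moduli).
 * Returns the chosen size in bits, 0 if nothing in the file fits
 * (the server would have to fall back or fail), -1 if malformed.
 */
int pick_group_bits(const int *sizes, size_t count,
                    int min, int n, int max, int advisory_max)
{
    int min_moduli, eff_max, best = 0;
    size_t i;

    if (count == 0 || min > n || n > max)
        return -1;
    min_moduli = sizes[0];
    for (i = 1; i < count; i++)
        if (sizes[i] < min_moduli)
            min_moduli = sizes[i];
    eff_max = max;
    if (advisory_max && min_moduli > eff_max)
        eff_max = min_moduli;
    for (i = 0; i < count; i++) {
        int s = sizes[i];
        if (s < min || s > eff_max)
            continue;
        /* Prefer the smallest size >= n, else the largest size below n. */
        if (best == 0 || (best < n && s > best) ||
            (best >= n && s >= n && s < best))
            best = s;
    }
    return best;
}

int main(void)
{
    /* The request from the message: min=1024, n=1024, max=1025. */
    printf("strict:   %d\n", pick_group_bits(sample_moduli, N_SAMPLE, 1024, 1024, 1025, 0));
    printf("advisory: %d\n", pick_group_bits(sample_moduli, N_SAMPLE, 1024, 1024, 1025, 1));
    return 0;
}
```

With the hard limit the request matches nothing in the file, which is the case where a fallback group would come into play; with the advisory limit the same request is answered with the 3072-bit minimum.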


