Can we disable diffie-hellman-group-exchange-sha1 by default?

Jon DeVree nuxi at vault24.org
Fri Feb 15 05:02:45 AEDT 2019


I ask because the removal of diffie-hellman-group-exchange-sha1 happened
accidentally in 7.8 due to a mistake in a change to readconf.c. I noticed
this and filed a bug about it along with a patch to fix readconf.c to use
KEX_CLIENT_* like it used to:

https://github.com/openssh/openssh-portable/commit/1b9dd4aa
https://bugzilla.mindrot.org/show_bug.cgi?id=2967

It's clear the removal was unintentional because myproposal.h still
lists diffie-hellman-group-exchange-sha1 under KEX_CLIENT_KEX:

https://github.com/openssh/openssh-portable/blob/V_7_8_P1/myproposal.h#L102


I was just thinking that if this hasn't been causing a problem for the
last 2 releases then maybe it's time to disable this by default in the
client. This algorithm has been disabled by default in the server since
the 6.7 release in October 2014.


-- 
Jon
Doge Wrangler
X(7): A program for managing terminal windows. See also screen(1) and tmux(1).

