[Bug 2040] Downgrade attack vulnerability when checking SSHFP records

bugzilla-daemon at mindrot.org
Fri Aug 31 19:31:29 EST 2012


--- Comment #1 from Ondřej Caletka <ondrej at caletka.cz> ---
Created attachment 2184
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2184&action=edit
Handle future digest types correctly

When testing, I also found out that when an SSHFP record for the host
uses a digest type other than SHA1 or SHA256, the SSHFP check fails even
if SHA1 or SHA256 matches the offered host key.

This patch changes this behavior to ignore future digest types.

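The behaviour described in the comment above, as an added Python model (not the attached patch and not OpenSSH's code): a verifier that skips SSHFP records with digest types it does not know, next to a strict mode in which one such record fails the whole check. The function names, the `ignore_unknown` flag, the key blob and digest type 250 are constructed for this illustration.

```python
import hashlib

# SSHFP fingerprint types this verifier understands:
# 1 = SHA-1 (RFC 4255), 2 = SHA-256 (RFC 6594).
KNOWN_DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256}


def parse_sshfp(rdata):
    """Parse SSHFP presentation format: '<key alg> <fp type> <hex digest>'."""
    alg, fp_type, hex_digest = rdata.split(None, 2)
    return int(alg), int(fp_type), bytes.fromhex("".join(hex_digest.split()))


def verify_host_key(key_alg, key_blob, rdatas, ignore_unknown=True):
    """Return 'match', 'mismatch' or 'not-found' for the offered host key.

    ignore_unknown=False models the behaviour reported in the comment: one
    record with an unrecognised digest type fails the whole check.
    """
    usable = 0
    matched = False
    for rdata in rdatas:
        alg, fp_type, digest = parse_sshfp(rdata)
        if alg != key_alg:
            continue  # record describes a different key algorithm
        hasher = KNOWN_DIGESTS.get(fp_type)
        if hasher is None:
            if not ignore_unknown:
                return "mismatch"
            continue  # future digest type: skip it, never count it as a match
        usable += 1
        if hasher(key_blob).digest() == digest:
            matched = True
    if matched:
        return "match"
    # If only unknown digest types were published, nothing was verified.
    return "mismatch" if usable else "not-found"


def sample_records(key_blob):
    """Constructed SSHFP set for key algorithm 1 (RSA); type 250 is a stand-in."""
    return [
        "1 250 " + "ab" * 48,  # hypothetical future digest type
        "1 1 " + hashlib.sha1(key_blob).hexdigest(),
        "1 2 " + hashlib.sha256(key_blob).hexdigest(),
    ]
```

A record set that contains only unknown digest types yields `not-found` rather than `match`, so skipping a record never counts as verifying the key.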