[Bug 2040] Downgrade attack vulnerability when checking SSHFP records
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Fri Aug 31 19:31:29 EST 2012
https://bugzilla.mindrot.org/show_bug.cgi?id=2040
--- Comment #1 from Ondřej Caletka <ondrej at caletka.cz> ---
Created attachment 2184
--> https://bugzilla.mindrot.org/attachment.cgi?id=2184&action=edit
Handle future digest types correctly
When testing, I also found out that when a SSHFP record for the host
uses digest type other than SHA1 or SHA256, the SSHFP check fails even
if SHA1 or SHA256 matches the offered host key.
This patch changes this behavior to ignore future digest types.
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list