[Bug 2302] with DH-GEX, ssh (and sshd) should not fall back to unconfigured DH groups or at least document this behaviour and use a stronger group

bugzilla-daemon at mindrot.org
Tue May 26 16:10:58 AEST 2015


https://bugzilla.mindrot.org/show_bug.cgi?id=2302

Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|unassigned-bugs at mindrot.org |dtucker at zip.com.au
                 CC|                            |dtucker at zip.com.au
   Attachment #2630|                            |ok?(djm at mindrot.org)
              Flags|                            |

--- Comment #3 from Darren Tucker <dtucker at zip.com.au> ---
Created attachment 2630
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2630&action=edit
Make the DH-GEX fallback group 4k bit.

This makes the fallback group a new 4kbit group as long as the client
accepts groups at least that big (which is a SHOULD in RFC4419),
otherwise it continues to use group14.

I didn't go bigger than 4kbit because I know some implementations have
problems coping with them.
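
The selection rule described in comment #3, applied to an RFC 4419 group-exchange request, as an added example; it is not the attached patch and not OpenSSH code. The names `parse_gex_request`, `fallback_group_bits` and `fallback_in_range` are hypothetical, the range check is this example's own addition, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define SSH_MSG_KEX_DH_GEX_REQUEST 34 /* RFC 4419 message number */
#define GROUP14_BITS  2048            /* RFC 3526 group 14 */
#define FALLBACK_BITS 4096            /* fallback size named in the comment */

struct gex_request { uint32_t min, n, max; };

/* SSH wire integers are big-endian. */
static uint32_t get_u32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Parse: byte type, uint32 min, uint32 n, uint32 max. 0 on success, -1 if malformed. */
int parse_gex_request(const uint8_t *msg, size_t len, struct gex_request *out)
{
    if (msg == NULL || len != 13 || msg[0] != SSH_MSG_KEX_DH_GEX_REQUEST)
        return -1;
    out->min = get_u32(msg + 1);
    out->n = get_u32(msg + 5);
    out->max = get_u32(msg + 9);
    return (out->min <= out->n && out->n <= out->max) ? 0 : -1;
}

/* Rule from the comment: 4096-bit group if the client accepts it, else group14. */
int fallback_group_bits(const struct gex_request *r)
{
    return r->max >= FALLBACK_BITS ? FALLBACK_BITS : GROUP14_BITS;
}

/* Added check (assumption of this example): is the fallback inside [min, max]? */
int fallback_in_range(const struct gex_request *r)
{
    uint32_t bits = (uint32_t)fallback_group_bits(r);
    return bits >= r->min && bits <= r->max;
}

int main(void)
{
    const uint8_t msg[13] = {34, 0,0,4,0, 0,0,8,0, 0,0,0x20,0}; /* constructed: min=1024, n=2048, max=8192 */
    struct gex_request r;
    if (parse_gex_request(msg, sizeof msg, &r) != 0)
        return 1;
    printf("fallback=%d in_range=%d\n", fallback_group_bits(&r), fallback_in_range(&r));
    return 0;
}
```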
