Can we disable diffie-hellman-group14-sha1 by default?

Yegor Ievlev koops1997 at gmail.com
Sun Jan 20 10:15:17 AEDT 2019


Also, are the DH groups sent by the server signed, in addition to the server's
supported algorithms?

On Sun, Jan 20, 2019 at 2:12 AM Yegor Ievlev <koops1997 at gmail.com> wrote:
>
> E.g., can we make it throw warnings, etc.? rsa-sha2-256 and rsa-sha2-512
> are fine; they use PSS.
>
> On Sun, Jan 20, 2019 at 1:55 AM Yegor Ievlev <koops1997 at gmail.com> wrote:
> >
> > Also, can we do anything with ssh-rsa? It uses both SHA-1 and
> > deprecated PKCS#1 padding. If it's used to sign certificates, there's
> > no additional protection of SHA-2 hashing before SHA-1 signature, it
> > just signs the raw certificate.
> >
> > On Sat, Jan 19, 2019 at 11:32 PM Yegor Ievlev <koops1997 at gmail.com> wrote:
> > >
> > > I'm not sure if collision resistance is required for DH key
> > > derivation, but generally, SHA-1 is on its way out. If it's possible
> > > (if there's not a very large percentage of servers that do not support
> > > anything newer), it should be disabled.
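
An added illustration of what disabling these algorithms looks like at the configuration layer (this is not the poster's or OpenSSH's own code): a small checker that reads sshd_config text, reports which of the SHA-1-based algorithms named in the thread a server would still offer, and emits lines that remove them with OpenSSH's `-` list prefix. As a generalisation it also covers the other SHA-1 KEX names OpenSSH defines; it assumes that an absent keyword or a `+`/`^` line leaves the built-in default list in place and conservatively treats that default as still containing every SHA-1 name, which must be checked against the version actually deployed.

```python
import re

# Added example, not OpenSSH project code. Names are OpenSSH algorithm
# identifiers; the SHA-1 KEX names beyond group14 generalise the thread's point.
SHA1_ALGORITHMS = {
    "KexAlgorithms": {"diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1",
                      "diffie-hellman-group-exchange-sha1"},
    "HostKeyAlgorithms": {"ssh-rsa",                       # SHA-1 + PKCS#1 v1.5
                          "ssh-rsa-cert-v01@openssh.com"},  # certificate form
}
KEYWORDS = {k.lower(): k for k in SHA1_ALGORITHMS}  # keywords are case-insensitive

def parse_config(text):
    """Map audited keyword -> (prefix, [algorithms]); prefix is '' for an
    explicit allow-list, or '+', '-', '^' for OpenSSH's default-list modifiers."""
    found = {}
    for raw in text.splitlines():
        parts = re.split(r"[\s=]+", raw.split("#", 1)[0].strip(), maxsplit=1)
        if len(parts) != 2 or parts[0].lower() not in KEYWORDS:
            continue
        value = parts[1].strip()
        prefix = value[0] if value[:1] in ("+", "-", "^") else ""
        algs = [a for a in value.lstrip("+-^").split(",") if a]
        found[KEYWORDS[parts[0].lower()]] = (prefix, algs)
    return found

def weak_algorithms(text):
    """SHA-1 algorithms a server with this sshd_config would still offer.
    Assumption: an absent keyword or a '+'/'^' line keeps the built-in default
    list, treated conservatively as containing every name above; confirm the
    deployed version's real default with `sshd -T`."""
    report = {}
    parsed = parse_config(text)
    for keyword, sha1 in SHA1_ALGORITHMS.items():
        prefix, algs = parsed.get(keyword, ("+", []))
        if prefix == "":
            still = sha1 & set(algs)   # only what the allow-list names
        elif prefix == "-":
            still = sha1 - set(algs)   # defaults minus explicit removals
        else:
            still = sha1               # defaults untouched
        if still:
            report[keyword] = sorted(still)
    return report

def hardened_lines(text):
    """sshd_config lines removing the remaining SHA-1 names with the '-' prefix."""
    return [f"{k} -{','.join(v)}" for k, v in weak_algorithms(text).items()]
```

Feeding it the output of `sshd -T` (which prints the effective, fully expanded configuration) rather than a hand-written file avoids the conservative default assumption entirely.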

