Yegor Ievlev
2019-Feb-14 23:56 UTC
Can we disable diffie-hellman-group-exchange-sha1 by default?
Can we disable diffie-hellman-group14-sha1 too?

On Thu, Feb 14, 2019 at 10:23 PM Mark D. Baushke <mdb at juniper.net> wrote:
>
> Hi John,
>
> The short answer is YES.
>
> Jon DeVree <nuxi at vault24.org> writes:
>
> > I ask because the removal of diffie-hellman-group-exchange-sha1 happened
> > accidentally in 7.8 due to a mistake in a change to readconf.c. I noticed
> > this and filed a bug about it along with a patch to fix readconf.c to use
> > KEX_CLIENT_* like it used to:
>
> The diffie-hellman-group-exchange-sha1 is an optional key exchange
> method provided by RFC4419 and updated by RFC8270.
>
> Support for it is not required and may (and in my opinion should) be
> disabled by default without any impact to the SSHv2 protocol.
>
> The only two Mandatory To Implement (MTI) key exchange methods are those
> in RFC3253 (diffie-hellman-group1-sha1 and diffie-hellman-group14-sha1).
> Even though they are MTIs, that just means you need to be able to configure
> them, there is no mandatory requirement that a given installation enable
> them by default.
>
> Enjoy!
> -- Mark
Mark D. Baushke
2019-Feb-15 00:48 UTC
Can we disable diffie-hellman-group-exchange-sha1 by default?
Yegor Ievlev <koops1997 at gmail.com> writes:

> Can we disable diffie-hellman-group14-sha1 too?

It is possible to disable the diffie-hellman-group14-sha1 key exchange,
but I personally recommend you just put it at the end of the list, so it
is not normally used for the key exchange unless that is the ONLY thing
that your client has in common with the server (or vice versa).

I know of a number of devices out there which want one of the MTI key
exchange methods to be used.

-- Mark
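The effect of moving a SHA-1 method to the end of the list, rather than removing it, can be checked with a small model of the negotiation. This is an added example, not part of the original thread and not OpenSSH code. It assumes the simplified RFC 4253 section 7.1 rule that the first name on the client's list which the server also offers is chosen; the function names and the sample lists are constructed for illustration.

```python
# Added example: SSH key exchange selection with SHA-1 methods demoted.
# Simplified from RFC 4253 section 7.1: the first name on the client's list
# that the server also offers wins (host key capability checks are omitted).

SHA1_KEX = {
    "diffie-hellman-group-exchange-sha1",
    "diffie-hellman-group14-sha1",
    "diffie-hellman-group1-sha1",
}

def parse_kex_list(value):
    """Split a comma-separated KexAlgorithms value into an ordered list."""
    return [name.strip() for name in value.split(",") if name.strip()]

def demote(algorithms, weak=SHA1_KEX):
    """Keep relative order, but move weak methods to the end of the list."""
    strong = [a for a in algorithms if a not in weak]
    return strong + [a for a in algorithms if a in weak]

def negotiate_kex(client, server):
    """Return the negotiated method, or None when nothing is shared."""
    offered = set(server)
    for name in client:
        if name in offered:
            return name
    return None

# Constructed sample lists, not taken from any real device or release.
CLIENT = parse_kex_list(
    "diffie-hellman-group14-sha1,curve25519-sha256,"
    "diffie-hellman-group-exchange-sha256"
)
MODERN_SERVER = parse_kex_list("curve25519-sha256,diffie-hellman-group14-sha1")
LEGACY_DEVICE = parse_kex_list(
    "diffie-hellman-group1-sha1,diffie-hellman-group14-sha1"
)

if __name__ == "__main__":
    ordered = demote(CLIENT)
    removed = [a for a in CLIENT if a not in SHA1_KEX]
    for label, server in (("modern", MODERN_SERVER), ("legacy", LEGACY_DEVICE)):
        print(label, "as-is:  ", negotiate_kex(CLIENT, server))
        print(label, "demoted:", negotiate_kex(ordered, server))
        print(label, "removed:", negotiate_kex(removed, server))
```

With the demoted list the legacy device still negotiates diffie-hellman-group14-sha1, while removing the SHA-1 methods leaves that peer with no shared method at all.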
Yegor Ievlev
2019-Feb-15 02:12 UTC
Can we disable diffie-hellman-group-exchange-sha1 by default?
Also, how are default moduli shipped with OpenSSH for use in
diffie-hellman-group-exchange-sha1/sha256 chosen? Are they chosen
randomly by developers or are they chosen for security properties? If
they are random, why not use moduli from RFC 7919 instead, like
Mozilla recommends?

On Fri, Feb 15, 2019 at 3:48 AM Mark D. Baushke <mdb at juniper.net> wrote:
>
> Yegor Ievlev <koops1997 at gmail.com> writes:
>
> > Can we disable diffie-hellman-group14-sha1 too?
>
> It is possible to disable the diffie-hellman-group14-sha1 key exchange,
> but I personally recommend you just put it at the end of the list, so it
> is not normally used for the key exchange unless that is the ONLY thing
> that your client has in common with the server (or vice versa).
>
> I know of a number of devices out there which want one of the MTI key
> exchange methods to be used.
>
> -- Mark