search for: dh_grp_max

...set the minimum modulus group size allowable for a connection using diffie-hellman-group-exchange-sha256 Whether this is by having the server refuse to allow smaller moduli to be used than exist in ModuliFile, or another explicit configuration setting is added, it doesn't matter - Modernize DH_GRP_MAX to >= 16384. The current value is based on pre-quantum recommendations (and it is stated only as a recommendation) in an 18-year-old RFC (4416) - Modernize the client to allow explicit setting of its MIN, REQUESTED, and MAX group sizes For your consideration. Kurt Fitzner

...e is in function kexgex_server in kexgexs.c: case SSH2_MSG_KEX_DH_GEX_REQUEST: debug("SSH2_MSG_KEX_DH_GEX_REQUEST received"); min = packet_get_int(); nbits = packet_get_int(); max = packet_get_int(); min = MAX(DH_GRP_MIN, min); max = MIN(DH_GRP_MAX, max); break; The bug is that, if the client sends values of 512 and 8192 for min and max in the SSH_MSG_KEY_DH_GEX_REQUEST message, then the client will expect the server to use these same values when calculating the hash. But the server will actually use DH_GRP_MIN for min, which have...

If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches? --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |