Displaying 2 results from an estimated 2 matches for "dh_new_group18".
Did you mean:
dh_new_group14
2017 Sep 22
6
DH Group Exchange Fallback
On 09/22/2017 03:22 PM, Daniel Kahn Gillmor wrote:
> On Thu 2017-09-21 18:12:44 -0400, Joseph S Testa II wrote:
>> I gotta say... having a fallback mechanism here seems pretty
>> strange. The entire point of the group exchange is to use a dynamic
>> group and not a static one.
>
> fwiw, i think dynamic groups for DHE key exchange is intrinsically
> problematic
2017 Sep 23
2
DH Group Exchange Fallback
...t; return dh_new_group14();
> } else if (max <= 4096) {
> debug3("using 4k bit group 16");
> return dh_new_group16();
> }
> debug3("using 8k bit group 18");
> return dh_new_group18();
> }
This wouldn't fix the underlying issue. I'm interested in having the
code respect the admin's wishes. If the admin edits out entries in
/etc/ssh/moduli, the server should follow that 100%, and not sometimes
make decisions on its own, against what the admin told it point...