Displaying 4 results from an estimated 4 matches for "dh_new_group_fallback".
2017 Sep 22
6
DH Group Exchange Fallback
On 09/22/2017 03:22 PM, Daniel Kahn Gillmor wrote:
> On Thu 2017-09-21 18:12:44 -0400, Joseph S Testa II wrote:
>> I gotta say... having a fallback mechanism here seems pretty
>> strange. The entire point of the group exchange is to use a dynamic
>> group and not a static one.
>
> fwiw, i think dynamic groups for DHE key exchange is intrinsically
> problematic
2015 Jul 01
4
[PATCH 1/1] update error messages about moduli and primes files
...LL &&
(f = fopen(_PATH_DH_PRIMES, "r")) == NULL) {
- logit("WARNING: %s does not exist, using fixed modulus",
- _PATH_DH_MODULI);
+ logit("WARNING: neither %s nor %s exists, using fixed modulus",
+ _PATH_DH_MODULI, _PATH_DH_PRIMES);
return (dh_new_group_fallback(max));
}
@@ -182,7 +182,8 @@ choose_dh(int min, int wantbits, int max)
if (bestcount == 0) {
fclose(f);
- logit("WARNING: no suitable primes in %s", _PATH_DH_PRIMES);
+ logit("WARNING: no suitable primes in %s or %s",
+ _PATH_DH_MODULI, _PATH_DH_PRIMES);
ret...
2017 Sep 23
2
DH Group Exchange Fallback
On 09/22/2017 06:10 PM, Mark D. Baushke wrote:
> I suppose you want to be more paranoid:
>
> DH *
> dh_new_group_fallback(int max)
> {
> debug3("%s: requested max size %d", __func__, max);
> if (max <= 2048) {
> debug3("using 2k bit group 14");
> return dh_new_group14();
> } else if (max <= 4096) {
>...
2017 Sep 24
3
DH Group Exchange Fallback
On 09/24/2017 12:21 AM, Mark D. Baushke wrote:
> I suggest you upgrade to a more recent edition of the OpenSSH software.
> The most recent release is OpenSSH 7.5 and OpenSSH 7.6 will be released
> very soon.
This problem is in v7.5 and v7.6. See dh.c:436.
> OpenSSH 6.6 was first released on October 6, 2014.
I brought up v6.6 to give an example that older clients wouldn't be