Posted to commits@mina.apache.org by lg...@apache.org on 2021/04/02 06:20:46 UTC

[mina-sshd] branch master updated: [SSHD-1136] Update DH group exchange configuration documentation to reflect the use of a property to govern fallback mode

This is an automated email from the ASF dual-hosted git repository.

lgoldstein pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mina-sshd.git


The following commit(s) were added to refs/heads/master by this push:
     new e8388c4  [SSHD-1136] Update DH group exchange configuration documentation to reflect the use of a property to govern fallback mode
e8388c4 is described below

commit e8388c43a1283ee659f3ba8f2b98403ff50f948c
Author: Lyor Goldstein <lg...@apache.org>
AuthorDate: Fri Apr 2 09:20:23 2021 +0300

    [SSHD-1136] Update DH group exchange configuration documentation to reflect the use of a property to govern fallback mode
---
 docs/security-providers.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/docs/security-providers.md b/docs/security-providers.md
index d285a0a..e8b996d 100644
--- a/docs/security-providers.md
+++ b/docs/security-providers.md
@@ -104,4 +104,6 @@ In any case, the values are auto-detected by the code but the user can intervene
 * The value should be between 2048 and 8192 (not enforced - allows users to make an **explicit** decision to use shorter keys - especially the minimum).
 * The minimum must be less or equal to the maximum (enforced - if reversed then group exchange is **disabled**)
 * If a **negative** value is set in either one then group exchange is **disabled**
-* Setting a value of zero indicates a **lazy** auto-detection of the supported range the next time these values are needed.
\ No newline at end of file
+* Setting a value of zero indicates a **lazy** auto-detection of the supported range the next time these values are needed.
+
+Furthermore, if all possible primes have been exhausted the code no longer falls back to DH group exchange using SHA-1 unless the `ALLOW_DHG1_KEX_FALLBACK` core module property is set.
\ No newline at end of file
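Review bot: The added last sentence names `ALLOW_DHG1_KEX_FALLBACK` but does not say what value enables the fallback, what the default is, or how the property is set, so a reader cannot act on it from this page alone. Since it gates a SHA-1 based key exchange, state explicitly that the fallback is off unless the property is set, and show the setting. "No longer" is changelog wording that will age badly in a reference document. Describing the current behaviour would read better, for example "If all possible primes have been exhausted, the code does not fall back to ... unless ...". The text says "DH group exchange using SHA-1" while the property name says "DHG1". It is worth spelling out the exact KEX name the fallback selects so the two cannot be read as different algorithms. The file also still ends without a trailing newline after the new sentence.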