You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mina.apache.org by "Alon Bar-Lev (JIRA)" <ji...@apache.org> on 2015/11/17 12:13:11 UTC
[jira] [Comment Edited] (SSHD-589) [regression][kex] dhgex256 is
disabled in 1.x if native JCE is being used
[ https://issues.apache.org/jira/browse/SSHD-589?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15008495#comment-15008495 ]
Alon Bar-Lev edited comment on SSHD-589 at 11/17/15 11:12 AM:
--------------------------------------------------------------
Please review attached patch, added cache.
This is yet without new tests, but should be complete.
Please ACK.
Not sure why jira does not mark attachment addition in comment.
This refers to attachment[1]
[1] https://issues.apache.org/jira/secure/attachment/12772718/0001-SSHD-589-Enable-dhgex256-if-4096-DH-is-supported.patch
was (Author: alonbl):
Please review attached patch, added cache.
This is yet without new tests, but should be complete.
Please ACK.
> [regression][kex] dhgex256 is disabled in 1.x if native JCE is being used
> -------------------------------------------------------------------------
>
> Key: SSHD-589
> URL: https://issues.apache.org/jira/browse/SSHD-589
> Project: MINA SSHD
> Issue Type: Bug
> Affects Versions: 1.0.0, 1.1.0
> Environment: Fedora
> $ java -version
> openjdk version "1.8.0_60"
> OpenJDK Runtime Environment (build 1.8.0_60-b27)
> OpenJDK 64-Bit Server VM (build 25.60-b23, mixed mode)
> Gentoo
> $ java -version
> openjdk version "1.8.0_60"
> OpenJDK Runtime Environment (IcedTea 3.0.0pre06+ra9817b9f8a21) (Gentoo icedtea-3.0.0_pre06)
> OpenJDK 64-Bit Server VM (build 25.60-b23, mixed mode)
> Oracle
> NOTE1: Disable SunEC provider at jre/lib/security/java.security to reproduce.
> NOTE2: Install UnlimitedJCEPolicyJDK8
> $ java -version
> java version "1.8.0_65"
> Java(TM) SE Runtime Environment (build 1.8.0_65-b17)
> Java HotSpot(TM) 64-Bit Server VM (build 25.65-b01, mixed mode)
> $ sshd -V
> OpenSSH_6.9p1, OpenSSL 1.0.1k-fips 8 Jan 2015
> Reproduce server: dev.gentoo.org (Kex only)
> Reporter: Alon Bar-Lev
> Priority: Minor
> Attachments: 0001-SSHD-589-Enable-dhgex256-if-4096-DH-is-supported.patch, 0001-SSHD-589-Logging-improvements.patch, 0001-SSHD-589-enable-dhgex256-if-4096-DH-is-supported.patch, test1-0.14.log, test1-master.log, test1.tar.gz
>
>
> Using:
> 1. Same JVM to run test of 1.x and 0.x
> 2. The SunEC provider is not available.
> 3. BouncyCastle is not used.
> 4. The same Fedora-22 remote is accessed.
> Using sshd-core-0.14 works, using sshd-core-1.0.1(master, and any 1.x) produces:
> java.lang.IllegalStateException: Unable to negotiate key exchange for kex algorithms (client: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 / server: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1)
> at org.apache.sshd.common.session.AbstractSession.negotiate(AbstractSession.java:1334)
> at org.apache.sshd.common.session.AbstractSession.handleKexInit(AbstractSession.java:478)
> at org.apache.sshd.common.session.AbstractSession.doHandleMessage(AbstractSession.java:412)
> at org.apache.sshd.common.session.AbstractSession.handleMessage(AbstractSession.java:361)
> Per Lyor request, added some more debug information into master.
> Attached:
> 1. Full test environment (test1.tar.gz) a directory per version, test using:
> JAVA_OPTS="-Djava.util.logging.config.file=./logging.properties" ./ssh-test.sh --host=XXXX --password=XXXX --command="echo hello"
> 2. Full debug log of 0.14 and master.
> 3. Diff of logging.
> This is a behaviour change in 1.x, so far we have failed to nail it.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)