You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mina.apache.org by "Achim Hügen (Jira)" <ji...@apache.org> on 2021/03/02 08:15:00 UTC
[jira] [Created] (SSHD-1136) Diffie Hellmann group exchange falls
back to insecure DHG1 if agreement on moduli size is not possible
Achim Hügen created SSHD-1136:
---------------------------------
Summary: Diffie Hellmann group exchange falls back to insecure DHG1 if agreement on moduli size is not possible
Key: SSHD-1136
URL: https://issues.apache.org/jira/browse/SSHD-1136
Project: MINA SSHD
Issue Type: Bug
Affects Versions: 2.6.0
Reporter: Achim Hügen
After implementation of SSHD-1107 we configured the minimum modulo size of diffie-hellman-group-exchange-sha256 to 2048 bit and expected clients that doesn't support this minimum to not be able to connect.
But what happens is that, those clients still can connect and this warning is logged:
{code}
chooseDH(DHGEXServer[diffie-hellman-group-exchange-sha256])[ShaftServerSession[null@/10.42.110.99:44222]][prf=1024, min=1024, max=1024] No suitable primes found, defaulting to DHG1
{code}
My understanding is, that this is a fallback to diffie-hellman-group1-sha1 which is week, see https://www.openssh.com/legacy.html
Mina should make this fallback configurable and not activate it by default.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@mina.apache.org
For additional commands, e-mail: dev-help@mina.apache.org