You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@mina.apache.org by "Goldstein Lyor (JIRA)" <ji...@apache.org> on 2014/10/07 11:40:34 UTC

[jira] [Updated] (SSHD-357) ARCFOUR 128/256 ciphers initialization incorrect - always fails

     [ https://issues.apache.org/jira/browse/SSHD-357?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Goldstein Lyor updated SSHD-357:
--------------------------------
    Attachment: 0003-SSHD-357-ARCFOUR-128-256-ciphers-initialization-inco.patch

Recommend code patch (including jUnit tests)

> ARCFOUR 128/256 ciphers initialization incorrect - always fails
> ---------------------------------------------------------------
>
>                 Key: SSHD-357
>                 URL: https://issues.apache.org/jira/browse/SSHD-357
>             Project: MINA SSHD
>          Issue Type: Bug
>            Reporter: Goldstein Lyor
>             Fix For: 0.13.0
>
>         Attachments: 0003-SSHD-357-ARCFOUR-128-256-ciphers-initialization-inco.patch
>
>
> The ARCFOUR128/256 ciphers inherit the default _BaseCipher#init_ implementation which creates an initialization vector. For RC4, this is not required - and indeed causes _java.security.InvalidAlgorithmParameterException: Parameters not supported_ when the cipher is initialized - even though everything is in order (e.g., see what happens when _SshServer#setUpDefaultCiphers_ is run). This means that these RC4 ciphers are *never* available. The fix (see attached patch file) is to override the _init_ method and provide only a key.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)