History log of /openssh-portable/myproposal.h (Results 1 - 25 of 137)
Revision    Date    Author    Comments
# 1ac98be8 16-May-2019 Darren Tucker

Use the correct macro for SSH_ALLOWED_CA_SIGALGS.


# 633703ba 16-May-2019 Darren Tucker

Conditionalize ECDH methods in CA algos.

When building against an OpenSSL configured without ECC, don't include
those algos in CASignatureAlgorithms. ok djm@


Revision tags: V_8_0_P1
# 9b61130f 23-Feb-2019 djm@openbsd.org

upstream: openssh-7.9 accidentally reused the server's algorithm lists

in the client for KEX, ciphers and MACs. The ciphers and MACs were identical
between the client and server, but the error accidentally disabled the
diffie-hellman-group-exchange-sha1 KEX method.

This fixes the client code to use the correct method list, but
because nobody complained, it also disables the
diffie-hellman-group-exchange-sha1 KEX method.

Reported by nuxi AT vault24.org via bz#2697; ok dtucker

OpenBSD-Commit-ID: e30c33a23c10fd536fefa120e86af1842e33fd57



Revision tags: V_7_9_P1
# 4cc259ba 11-Sep-2018 djm@openbsd.org

upstream: add SSH_ALLOWED_CA_SIGALGS - the default list of

signature algorithms that are allowed for CA signatures. Notably excludes
ssh-dsa.

ok markus@

OpenBSD-Commit-ID: 1628e4181dc8ab71909378eafe5d06159a22deb4



Revision tags: V_7_8_P1
# 4ba0d547 03-Jul-2018 djm@openbsd.org

upstream: Improve strictness and control over RSA-SHA2 signature

In ssh, when an agent fails to return a RSA-SHA2 signature when
requested and falls back to RSA-SHA1 instead, retry the signature to
ensure that the public key algorithm sent in the SSH_MSG_USERAUTH
matches the one in the signature itself.

In sshd, strictly enforce that the public key algorithm sent in the
SSH_MSG_USERAUTH message matches what appears in the signature.

Make the sshd_config PubkeyAcceptedKeyTypes and
HostbasedAcceptedKeyTypes options control accepted signature algorithms
(previously they selected supported key types). This allows these
options to ban RSA-SHA1 in favour of RSA-SHA2.

Add new signature algorithms "rsa-sha2-256-cert-v01@openssh.com" and
"rsa-sha2-512-cert-v01@openssh.com" to force use of RSA-SHA2 signatures
with certificate keys.

feedback and ok markus@

OpenBSD-Commit-ID: c6e9f6d45eed8962ad502d315d7eaef32c419dde



Revision tags: V_7_7_P1, V_7_6_P1
# 70c1218f 07-May-2017 djm@openbsd.org

upstream commit

Don't offer CBC ciphers by default in the client. ok
markus@

Upstream-ID: 94c9ce8d0d1a085052e11c7f3307950fdc0901ef


Revision tags: V_7_5_P1, V_7_4_P1
# 0082fba4 28-Sep-2016 djm@openbsd.org

upstream commit

Remove support for pre-authentication compression. Doing
compression early in the protocol probably seemed reasonable in the 1990s,
but today it's clearly a bad idea in terms of both cryptography (cf. multiple
compression oracle attacks in TLS) and attack surface.

Moreover, to support it across privilege-separation zlib needed
the assistance of a complex shared-memory manager that made the
required attack surface considerably larger.

Prompted by Guido Vranken pointing out a compiler-elided security
check in the shared memory manager found by Stack
(http://css.csail.mit.edu/stack/); ok deraadt@ markus@

NB. pre-auth authentication has been disabled by default in sshd
for >10 years.

Upstream-ID: 32af9771788d45a0779693b41d06ec199d849caf



# 0493766d 22-Sep-2016 djm@openbsd.org

upstream commit

support plain curve25519-sha256 KEX algorithm now that it
is approaching standardisation (same algorithm is currently supported as
curve25519-sha256@libssh.org)

Upstream-ID: 5e2b6db2e72667048cf426da43c0ee3fc777baa2



# da95318d 05-Sep-2016 djm@openbsd.org

upstream commit

remove 3des-cbc from the client's default proposal;
64-bit block ciphers are not safe in 2016 and we don't want to wait until
attacks like sweet32 are extended to SSH.

As 3des-cbc was the only mandatory cipher in the SSH RFCs, this may
cause problems connecting to older devices using the defaults, but
it's highly likely that such devices already need explicit
configuration for KEX and hostkeys anyway.

ok deraadt, markus, dtucker

Upstream-ID: a505dfe65c6733af0f751b64cbc4bb7e0761bc2f



Revision tags: V_7_3_P1
# 0e8eeec8 02-May-2016 djm@openbsd.org

upstream commit

add support for additional fixed DH groups from
draft-ietf-curdle-ssh-kex-sha2-03

diffie-hellman-group14-sha256 (2K group)
diffie-hellman-group16-sha512 (4K group)
diffie-hellman-group18-sha512 (8K group)

based on patch from Mark D. Baushke and Darren Tucker
ok markus@

Upstream-ID: ac00406ada4f0dfec41585ca0839f039545bc46f



Revision tags: V_7_2_P2, V_7_2_P1
# 714e3672 09-Feb-2016 djm@openbsd.org

upstream commit

turn off more old crypto in the client: hmac-md5, ripemd,
truncated HMACs, RC4, blowfish. ok markus@ dtucker@

Upstream-ID: 96aa11c2c082be45267a690c12f1d2aae6acd46e



Revision tags: V_7_1_P2
# 3da893fd 05-Dec-2015 markus@openbsd.org

upstream commit

prefer rsa-sha2-512 over -256 for hostkeys, too; noticed
by naddy@

Upstream-ID: 685f55f7ec566a8caca587750672723a0faf3ffe


# 76c9fbbe 04-Dec-2015 markus@openbsd.org

upstream commit

implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures
(user and host auth) based on draft-rsa-dsa-sha2-256-03.txt and
draft-ssh-ext-info-04.txt; with & ok djm@

Upstream-ID: cf82ce532b2733e5c4b34bb7b7c94835632db309



Revision tags: V_7_1_P1, V_7_0_P1
# 3a1638dd 10-Jul-2015 markus@openbsd.org

upstream commit

Turn off DSA by default; add HostKeyAlgorithms to the
server and PubkeyAcceptedKeyTypes to the client side, so it still can be
tested or turned back on; feedback and ok djm@

Upstream-ID: 8450a9e6d83f80c9bfed864ff061dfc9323cec21



# bdfd29f6 02-Jul-2015 djm@openbsd.org

upstream commit

turn off 1024 bit diffie-hellman-group1-sha1 key
exchange method (already off in server, this turns it off in the client by
default too) ok dtucker@

Upstream-ID: f59b88f449210ab7acf7d9d88f20f1daee97a4fa

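Several entries in this log (the RSA-SHA2 strictness change that lets PubkeyAcceptedKeyTypes ban RSA-SHA1, the DSA, group1-sha1, 3des-cbc, CBC and old-MAC removals) describe algorithms leaving the default proposals. The script below is an added example, not OpenSSH's own code: it audits an algorithm dump in the "keyword value" form that `ssh -G host` and `sshd -T` print and flags the names retired above. The legacy list is a hypothetical policy assembled from this page; `ssh-rsa` is flagged because that name is the RSA-SHA1 signature algorithm, while `rsa-sha2-256`/`rsa-sha2-512` are left alone, and `hmac-sha1` is not flagged because the server proposal added it back. The sample dump is constructed for the example.

```shell
#!/bin/sh
# Added example, not OpenSSH code: audit an algorithm dump for names that this
# file's history shows being retired from the default proposals.
# Assumed input format (matches what `ssh -G host` and `sshd -T` print):
# one "keyword value" line per option, the value a comma-separated list.

# Hypothetical policy list compiled from the commits above: group1 and
# group-exchange SHA-1 KEX, DSA keys/certs, ssh-rsa (the RSA-SHA1 signature
# name; rsa-sha2-256/512 do not match), every CBC cipher (3des-cbc,
# blowfish-cbc, aes*-cbc, ...), RC4, hmac-md5, ripemd and truncated (-96) MACs.
# hmac-sha1 itself is deliberately absent: the server proposal added it back.
LEGACY_PATTERN='^(diffie-hellman-group1-sha1|diffie-hellman-group-exchange-sha1|ssh-dss|ssh-dss-cert-v01@openssh.com|ssh-rsa|ssh-rsa-cert-v01@openssh.com|.*-cbc|arcfour.*|hmac-md5.*|hmac-ripemd160.*|hmac-sha1-96.*)$'

# Print "keyword algorithm" for every legacy algorithm found in the
# algorithm-list options read on stdin. Other options are ignored.
flag_legacy_algs() {
    awk -v pat="$LEGACY_PATTERN" '
        tolower($1) ~ /^(kexalgorithms|ciphers|macs|hostkeyalgorithms|pubkeyacceptedkeytypes|pubkeyacceptedalgorithms|hostbasedacceptedkeytypes|hostbasedacceptedalgorithms|casignaturealgorithms)$/ {
            n = split($2, algs, ",")
            for (i = 1; i <= n; i++)
                if (algs[i] ~ pat)
                    print tolower($1), algs[i]
        }'
}

# Number of legacy entries found on stdin (0 means the dump is clean).
count_legacy_algs() {
    flag_legacy_algs | awk 'END { print NR }'
}

# Constructed sample dump in the assumed format; not taken from any real host.
SAMPLE_DUMP='kexalgorithms curve25519-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256
ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,3des-cbc
macs umac-128-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-md5-96
hostkeyalgorithms ssh-ed25519,rsa-sha2-512,ssh-rsa,ssh-dss
pubkeyacceptedkeytypes ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
casignaturealgorithms ssh-ed25519,rsa-sha2-512,ssh-dss
port 22'

# Run against the constructed sample when executed directly.
printf '%s\n' "$SAMPLE_DUMP" | flag_legacy_algs
```

On a real host, source the script and pipe `ssh -G somehost` (client side) or `sshd -T` (server side, needs to read the full sshd_config) into `flag_legacy_algs`; the sample above yields seven hits, one per retired name, and a dump containing only current algorithms yields none.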


# c28fc62d 02-Jul-2015 djm@openbsd.org

upstream commit

delete support for legacy v00 certificates; "sure"
markus@ dtucker@

Upstream-ID: b5b9bb5f9202d09e88f912989d74928601b6636f


Revision tags: V_6_9_P1
# 599f0114 29-May-2015 Damien Miller

fix merge botch that left ",," in KEX algs


# 3ecde664 27-May-2015 dtucker@openbsd.org

upstream commit

Reorder client proposal to prefer
diffie-hellman-group-exchange-sha1 over diffie-hellman-group14-sha1. ok djm@

Upstream-ID: 552c08d47347c3ee1a9a57d88441ab50abe17058



# 39bfbf7c 21-Apr-2015 jsg@openbsd.org

upstream commit

Add back a backslash removed in rev 1.42 so
KEX_SERVER_ENCRYPT will include aes again.

ok deraadt@


# a22b9ef2 24-Mar-2015 djm@openbsd.org

upstream commit

promote chacha20-poly1305@openssh.com to be the default
cipher; ok markus


Revision tags: V_6_8_P1, V_6_7_P1
# 2f3d1e7f 18-Aug-2014 Damien Miller

- (djm) [myproposal.h] Make curve25519 KEX dependent on
HAVE_EVP_SHA256 instead of OPENSSL_HAS_ECC.


# 6262d760 16-Jul-2014 Damien Miller

- tedu@cvs.openbsd.org 2014/07/11 13:54:34
[myproposal.h]
by popular demand, add back hmac-sha1 to server proposal for better compat
with many clients still in use. ok deraadt



# d7af0cc5 10-Jun-2014 Darren Tucker

- (dtucker) [myproposal.h] Don't include curve25519-sha256@libssh.org in
the proposal if the version of OpenSSL we're using doesn't support ECC.


# 294c58a0 15-May-2014 Damien Miller


- naddy@cvs.openbsd.org 2014/04/30 19:07:48
[mac.c myproposal.h umac.c]
UMAC can use our local fallback implementation of AES when OpenSSL isn't
available. Glue code straight from Ted Krovetz's original umac.c.
ok markus@



# 1f0311c7 15-May-2014 Damien Miller

- markus@cvs.openbsd.org 2014/04/29 18:01:49
[auth.c authfd.c authfile.c bufaux.c cipher.c cipher.h hostfile.c]
[kex.c key.c mac.c monitor.c monitor_wrap.c myproposal.h packet.c]
[roaming_client.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
[ssh-pkcs11.h ssh.c sshconnect.c sshconnect2.c sshd.c]
make compiling against OpenSSL optional (make OPENSSL=no);
reduces algorithms to curve25519, aes-ctr, chacha, ed25519;
allows us to explore further options; with and ok djm


