Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
0.11.0
-
None
Description
> Mina does not support fallback to weaker Diffie-Hellman algorithm if Prime cannot be found.
>
> The failure approach of fall-thru to weaker Diffie-Hellman algorithm, e.g.
> Group14 (embedded within the Code) if Prime cannot be found, either > > due to MODULI File Access Errors or Prime Not Found in the File, is the > typical approach of most SSH Server Implementations.
> OpenSSH follows this paradigm. Also it would help in communications
> robustness.
> It would be also nice to have a log event when the fallback happens.
> Do you agree that this is an issue? When could it be implemented?
>
It makes sense to me. Especially, the spec (
http://tools.ietf.org/html/rfc4419) says:
The server should return the smallest group it knows that is larger
than the size the client requested. If the server does not know a
group that is larger than the client request, then it SHOULD return
the largest group it knows. In all cases, the size of the returned
group SHOULD be at least 1024 bits.
Attachments
Issue Links
- relates to
-
SSHD-405 Please review AbstractClientChannel @deprecated getter methods
-
- Resolved
-