[mina-sshd] branch master updated: Update CHANGES and README for chacha20 and openSSH certs

Thu, 08 Jul 2021 12:22:45 -0700 

This is an automated email from the ASF dual-hosted git repository.

twolf pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mina-sshd.git


The following commit(s) were added to refs/heads/master by this push:
     new 20464c4  Update CHANGES and README for chacha20 and openSSH certs
20464c4 is described below

commit 20464c49ab4275f01861078f3f6abd2cf5abbd50
Author: Thomas Wolf <tw...@apache.org>
AuthorDate: Thu Jul 8 21:19:02 2021 +0200

    Update CHANGES and README for chacha20 and openSSH certs
    
    Mention the Jira issues in CHANGES, mention the chacha20-poly1305
    cipher in README.
---
 CHANGES.md | 2 ++
 README.md  | 8 ++++----
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/CHANGES.md b/CHANGES.md
index ce9fc83..33274e7 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -22,9 +22,11 @@
 
 ## Behavioral changes and enhancements
 
+* [SSHD-1017](https://issues.apache.org/jira/browse/SSHD-1017) Add support for 
the chacha20-poly1...@openssh.com cipher
 * [SSHD-1161](https://issues.apache.org/jira/browse/SSHD-1161) Support OpenSSH 
client certificates for publickey authentication
 * [SSHD-1163](https://issues.apache.org/jira/browse/SSHD-1163) Wrong server 
key algorithm choose
 * [SSHD-1164](https://issues.apache.org/jira/browse/SSHD-1164) Parsing of 
~/.ssh/config Host patterns fails with extra whitespace
+* [SSHD-1166](https://issues.apache.org/jira/browse/SSHD-1166) Support 
creating signed OpenSSH certificates
 * [SSHD-1168](https://issues.apache.org/jira/browse/SSHD-1168) OpenSSH 
certificates: check certificate type
 * [SSHD-1171](https://issues.apache.org/jira/browse/SSHD-1171) 
OpenSSHCertificatesTest: certificates expire in 2030
 * [SSHD-1172](https://issues.apache.org/jira/browse/SSHD-1172) Expiration of 
OpenSshCertificates needs to compare timestamps as unsigned long
diff --git a/README.md b/README.md
index 0d4297c..d7b9b87 100644
--- a/README.md
+++ b/README.md
@@ -58,7 +58,7 @@ based applications requiring SSH support.
 ## Implemented/available support
 
 * **Ciphers**: aes128cbc, aes128ctr, aes192cbc, aes192ctr, aes256cbc, 
aes256ctr, arcfour128, arcfour256, blowfishcbc, tripledescbc,
-aes128-...@openssh.com, aes256-...@openssh.com
+aes128-...@openssh.com, aes256-...@openssh.com, chacha20-poly1...@openssh.com
 * **Digests**: md5, sha1, sha224, sha256, sha384, sha512
 * **Macs**: hmacmd5, hmacmd596, hmacsha1, hmacsha196, hmacsha256, hmacsha512, 
hmac-sha2-256-...@openssh.com
 , hmac-sha2-512-...@openssh.com, hmac-sha1-...@openssh.com
@@ -81,12 +81,12 @@ the unsafe settings must do so **explicitly**. The 
following settings have been
 * [OpenSSH release notes](https://www.openssh.com/releasenotes.html) - usually 
a good indicator of de-facto practices
 * SHA-1 based key exchanges and signatures
 * MD5-based and truncated HMAC algorithms
-* [RFC 8270 - Increase the Secure Shell Minimum Recommended Diffie-Hellman 
Modulus Size to 2048 Bits](https://tools.ietf.org/html/rfc8270)  
-    **Note:** it still possible to use 1024 by initializing the value 
*programmatically* or via system property - 
+* [RFC 8270 - Increase the Secure Shell Minimum Recommended Diffie-Hellman 
Modulus Size to 2048 Bits](https://tools.ietf.org/html/rfc8270)
+    **Note:** it still possible to use 1024 by initializing the value 
*programmatically* or via system property -
     see [Security providers 
setup](./docs/security-providers.md#diff-hellman-group-exchange-configuration).
     The code still contains moduli for 1024 and will use them if user 
**explicitly** lowers the default minimum
     to it.
-    
+
 **Caveat:**: According to [RFC 8332 - section 
3.31](https://tools.ietf.org/html/rfc8332#section-3.3)
 >>
 >> Implementation experience has shown that there are servers that apply 
 >> authentication penalties to clients

Reply via email to