[ https://issues.apache.org/jira/browse/SSHD-895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17086449#comment-17086449 ]
FliegenKLATSCH commented on SSHD-895:
-------------------------------------

I don't understand the reason for not enabling rsaSHA512 and rsaSHA256 per default. Could you enlighten me?

Does the comment
{code:java}
Implementation experience has shown that there are servers that apply authentication penalties to clients attempting public key algorithms that the SSH server does not support.{code}
apply, if we first negotiate the algorithm with the server? I understand it the way that there are penalties if the client just tries an algorithm which was not negotiated? And I am not sure if the client would try a sha2 variant if the negotiated algorithm is `ssh-rsa`?

> Add support for RSA + SHA-256/512 signatures
> --------------------------------------------
>
>                 Key: SSHD-895
>                 URL: https://issues.apache.org/jira/browse/SSHD-895
>             Project: MINA SSHD
>          Issue Type: Improvement
>    Affects Versions: 2.3.0
>            Reporter: Lyor Goldstein
>            Assignee: Lyor Goldstein
>            Priority: Major
>             Fix For: 2.3.0
>
>
> See https://tools.ietf.org/html/rfc8332 - *Note:*
> {quote}
> Servers that accept rsa-sha2-* signatures for client authentication
> SHOULD implement the extension negotiation mechanism defined in
> [RFC8308], including especially the "server-sig-algs" extension.
> {quote}
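
Added example, not part of the original message and not MINA SSHD code: the RFC 8308 "server-sig-algs" mechanism named in the quoted issue text, shown in Python as a client deciding which signature algorithm to use for an RSA key after reading the server's SSH_MSG_EXT_INFO. The function names, the client preference order and the sample payload are assumptions constructed for illustration.

```python
import struct

SSH_MSG_EXT_INFO = 7  # message number assigned by RFC 8308
RSA_PREFERENCE = ("rsa-sha2-512", "rsa-sha2-256", "ssh-rsa")  # assumed client order

def _read_string(buf, off):
    """Read one SSH 'string' (uint32 length + bytes); reject truncated input."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated string body")
    return buf[off:off + n], off + n

def parse_ext_info(payload):
    """Return {extension-name: raw value} from an SSH_MSG_EXT_INFO payload."""
    if len(payload) < 5 or payload[0] != SSH_MSG_EXT_INFO:
        raise ValueError("not an SSH_MSG_EXT_INFO payload")
    (count,) = struct.unpack_from(">I", payload, 1)
    off, exts = 5, {}
    for _ in range(count):
        name, off = _read_string(payload, off)
        value, off = _read_string(payload, off)
        exts[name.decode("ascii")] = value
    return exts

def pick_rsa_signature(exts, preference=RSA_PREFERENCE):
    """Choose the signature algorithm for a userauth request made with an RSA key."""
    raw = exts.get("server-sig-algs")
    if raw is None:
        return "ssh-rsa"  # nothing advertised: do not guess rsa-sha2-*
    offered = set(raw.decode("ascii").split(","))
    for alg in preference:
        if alg in offered:
            return alg
    return None  # server listed its algorithms and none fits an RSA key

def build_ext_info(pairs):
    """Constructed sample input: encode (name, value) pairs as SSH_MSG_EXT_INFO."""
    out = bytes([SSH_MSG_EXT_INFO]) + struct.pack(">I", len(pairs))
    for name, value in pairs:
        for field in (name.encode(), value.encode()):
            out += struct.pack(">I", len(field)) + field
    return out

SAMPLE = build_ext_info([("server-sig-algs", "ssh-ed25519,rsa-sha2-256,rsa-sha2-512")])
```

The `ssh-rsa` fallback when no extension arrives mirrors the RFC 8332 allowance that clients MAY default to `ssh-rsa` against servers without "server-sig-algs"; the key format on the wire stays `ssh-rsa` in every case, only the signature algorithm name changes.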