[
https://issues.apache.org/jira/browse/SSHD-1222?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17440405#comment-17440405
]
Philippe Bastiani edited comment on SSHD-1222 at 11/8/21, 11:19 AM:
--------------------------------------------------------------------
In
[Dependencies|https://github.com/apache/mina-sshd/blob/master/docs/dependencies.md]
we can read that the *bcpg-jdk15on* artifact is needed to activate the Bouncy
Castle option (y)
Unfortunately, Bouncy Castle provides other obsolete APIs (in others artifacts)
which are incompatible with the sshd API; and, these artifacts also activate
the BC option :(
My UC : I am developing a java agent with sshd capability; and, one of
instrumented applications adds *bcprov-jdk15* to its classpath ... the presence
of this dependency enables the BC option in my agent without being operational
...
I think I could add *bcpg-jdk15on* to the classpath of my tool or disable BC
via ByteBuddy ... but I'm looking for a easier workaround.
In the code I see that you use a [default list of
registrars|https://github.com/apache/mina-sshd/blob/2fc98f7a21a7b83d2b2bc72d48a2194caa7f8fd1/sshd-common/src/main/java/org/apache/sshd/common/util/security/SecurityUtils.java#L134]...
My suggestion: add a system property to completely disable BC & EdDSA (i.e.
even if the associated jars are available).
was (Author: JIRAUSER279845):
In
[Dependencie|https://github.com/apache/mina-sshd/blob/master/docs/dependencies.md]
we can read that the *bcpg-jdk15on* artifact is needed to activate the Bouncy
Castle option (y)
Unfortunately, Bouncy Castle provides other obsolete APIs (in others artifacts)
which are incompatible with the sshd API; and, these artifacts also activate
the BC option :(
My UC : I am developing a java agent with sshd capability; and, one of
instrumented applications adds *bcprov-jdk15* to its classpath ... the presence
of this dependency enables the BC option in my agent without being operational
...
In the code I see that you use a [default list of
registrars|https://github.com/apache/mina-sshd/blob/2fc98f7a21a7b83d2b2bc72d48a2194caa7f8fd1/sshd-common/src/main/java/org/apache/sshd/common/util/security/SecurityUtils.java#L134]...
My suggestion: add a system property to completely disable BC & EdDSA (i.e.
even if the associated jars are available).
> Third-party API detection
> -------------------------
>
> Key: SSHD-1222
> URL: https://issues.apache.org/jira/browse/SSHD-1222
> Project: MINA SSHD
> Issue Type: Improvement
> Reporter: Philippe Bastiani
> Priority: Major
>
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
