ecki opened a new issue, #445: URL: https://github.com/apache/mina-sshd/issues/445
### Description

Hello, is Mina or any contributor planning to work on adding the new OpenSSH protocol extension "strict-KEX" for mitigating Terrapin attacks? Also, did somebody check for the counter overflow conditions mentioned in the advanced counter manipulation section of the paper?

BTW: when implementing config options, I would do it like jssh, which allows you to define a "required" mode, so you can set up a listener which rejects any handshakes without this protection. (If you want to make "supported" configurable I don't care; it seems not to be a big compat problem if implemented correctly.)

In addition to resetting the counters, the strict mode probably also should reject the "filler" debug and ignore messages - I hope PMC received detailed guidance from the Terrapin team?

### Motivation

Users want to mitigate the new protocol attack which can only work if client and server are extended.

### Alternatives considered

Turning off the ciphers is an interop problem.

### Additional context

https://terrapin-attack.com
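
The behaviour requested in the issue above (a "required" mode, counter reset, rejecting filler messages), as an added example that is not part of the original issue and is not Apache MINA SSHD code. The class, the `Mode` option and the method names are hypothetical; the marker string is the one defined in OpenSSH's PROTOCOL document and the message numbers are the standard SSH transport values.

```java
import java.util.List;

/** Added sketch (hypothetical names): server-side receive path with strict KEX. */
public class StrictKexSketch {
    enum Mode { DISABLED, SUPPORTED, REQUIRED }   // hypothetical config option

    // Marker a client adds to kex_algorithms in its first KEXINIT (OpenSSH PROTOCOL).
    // The server advertises kex-strict-s-v00@openssh.com in its own KEXINIT.
    static final String CLIENT_MARKER = "kex-strict-c-v00@openssh.com";
    static final int MSG_IGNORE = 2, MSG_DEBUG = 4, MSG_KEXINIT = 20, MSG_NEWKEYS = 21;

    private final Mode mode;
    private boolean strict;             // true once the client's marker was seen
    private boolean initialKex = true;  // until the first NEWKEYS
    private long recvSeq;               // uint32 on the wire

    StrictKexSketch(Mode mode) { this.mode = mode; }

    /** kexAlgorithms is the parsed name-list for KEXINIT packets, null otherwise. */
    void receive(int type, List<String> kexAlgorithms) {
        if (initialKex && type == MSG_KEXINIT) {
            strict = mode != Mode.DISABLED && kexAlgorithms.contains(CLIENT_MARKER);
            if (mode == Mode.REQUIRED && !strict)
                throw new IllegalStateException("client did not offer strict KEX");
            if (strict && recvSeq != 0)   // something arrived before KEXINIT
                throw new IllegalStateException("KEXINIT was not the first packet");
        } else if (strict && initialKex && (type == MSG_IGNORE || type == MSG_DEBUG)) {
            // A full implementation rejects every message the KEX does not expect.
            throw new IllegalStateException("filler message during initial KEX");
        }
        recvSeq = (recvSeq + 1) & 0xFFFFFFFFL;
        if (recvSeq == 0 && initialKex)   // sketch's choice: a wrap here is fatal
            throw new IllegalStateException("sequence number wrapped in initial KEX");
        if (type == MSG_NEWKEYS) {
            if (strict) recvSeq = 0;      // counter restarts under the new keys
            initialKex = false;
        }
    }

    public static void main(String[] args) {
        // Constructed exchange: an IGNORE arrives after KEXINIT, before NEWKEYS.
        StrictKexSketch s = new StrictKexSketch(Mode.REQUIRED);
        s.receive(MSG_KEXINIT, List.of("curve25519-sha256", CLIENT_MARKER));
        try {
            s.receive(MSG_IGNORE, null);
        } catch (IllegalStateException e) {
            System.out.println("disconnect: " + e.getMessage());
        }
    }
}
```

The send path needs the mirror image: its own counter is reset to zero after the side sends NEWKEYS.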
