ecki commented on code in PR #449:
URL: https://github.com/apache/mina-sshd/pull/449#discussion_r1442111543
##########
sshd-common/src/main/java/org/apache/sshd/common/kex/extension/KexExtensions.java:
##########
@@ -59,6 +60,24 @@ public final class KexExtensions {
public static final String CLIENT_KEX_EXTENSION = "ext-info-c";
public static final String SERVER_KEX_EXTENSION = "ext-info-s";
+ /**
+ * Reminder:
+ *
+ * These pseudo-algorithms are only valid in the initial SSH2_MSG_KEXINIT
and MUST be ignored if they are present in
+ * subsequent SSH2_MSG_KEXINIT packets.
+ *
+ * <B>Note:</B> these values are <U>appended</U> to the initial proposals
and removed if received before proceeding
+ * with the standard KEX proposals negotiation.
+ *
+ * @see <A
HREF="https://github.com/openssh/openssh-portable/blob/master/PROTOCOL";>OpenSSH
PROTOCOL - 1.9 transport:
+ * strict key exchange extension</A>
+ */
+ public static final String STRICT_KEX_CLIENT_EXTENSION =
"[email protected]";
+ public static final String STRICT_KEX_SERVER_EXTENSION =
"[email protected]";
+ public static final List<String> STRICT_KEX_EXTENSIONS =
Collections.unmodifiableList(
+ Arrays.asList(
+ STRICT_KEX_CLIENT_EXTENSION, STRICT_KEX_SERVER_EXTENSION));
+
@SuppressWarnings("checkstyle:Indentation")
public static final Predicate<String> IS_KEX_EXTENSION_SIGNAL
Review Comment:
It is a bit unsymmetrical with the rfc8308 extension (strict-kex has no such
predicate and instead defines the list), but I guess it’s ok since both have a
bit different scope.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
