tomaswolf commented on PR #449:
URL: https://github.com/apache/mina-sshd/pull/449#issuecomment-1877851047
> Looks OK to me (have not gone over the tests in details - I trust you
checked them). I do feel I need to insist on a `CoreModuleProperties` property
that controls this feature. As I have said previously, I am fine with its
default being "enabled", but I strongly feel we should have it...
I think we should minimize "kill switches". They obfuscate the issue
permanently (removing the property in the future would be an API-breaking
change). In this particular case:
- This is a fairly important modification of a core sub-protocol in the SSH
protocols.
- It is backwards compatible with older implementations that don't know
about it.
- It is tested.
- If we did it wrong and people can't use it because it breaks something,
they'll just stay on 2.11.0 and we'll have to have a 2.12.1 with a fix.
Finally, if someone really wants to shut off strict KEX usage, here's one
way of doing so:
```
SshClient client = ...;
SessionFactory factory = new NoStrictKexSessionFactory(client);
client.setSessionFactory(factory);
client.start();
```
and
```
class NoStrictKexSessionFactory extends SessionFactory {
NoStrictKexSessionFactory(ClientFactoryManager client) {
super(client);
}
@Override
protected ClientSessionImpl doCreateSession(IoSession ioSession) throws
Exception {
return new NoStrictKexSession(getClient(), ioSession);
}
}
class NoStrictKexSession extends ClientSessionImpl {
NoStrictKexSession(ClientFactoryManager client, IoSession ioSession)
throws Exception {
super(client, ioSession);
}
@Override
protected Map<KexProposalOption, String>
doStrictKexProposal(Map<KexProposalOption, String> proposal) {
return proposal;
}
}
```
(Or likewise for a `ServerSession`.)
Yes, it's a little bit of code to write, but it's IMO about the right level
of difficulty for switching off a security feature. I don't want to make it too
easy for users to shoot themselves in the foot by inadvertently switching
strict kex off. And yes, a boolean property in `CoreModuleProperties` fits my
definition of "too easy" in this case.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
