[I] Why add "[email protected]" and "[email protected]" in key Algorithms? [mina-sshd]

Fri, 07 Jun 2024 01:33:47 -0700 


zhyde2010 opened a new issue, #514:
URL: https://github.com/apache/mina-sshd/issues/514

   ### Version
   
   2.10.0
   
   ### Bug description
   
   We use this software. We have high requirements on algorithm security and 
specially adjust the algorithm. Actually, we find that 
"[email protected] is added after the selected algorithm by default. 
We think we've developed the algorithm, so we don't want to add it to us.
   
   ### Actual behavior
   
   No matter how we set the key exchange algorithm, 
[email protected] is appended at the end.
   
   ### Expected behavior
   
   Do not automatically add [email protected], or set the algorithm 
to the user's choice whether to add [email protected].
   
   ### Relevant log output
   
   ```Shell
   mina-sshd/sshd-common/src/main/java/org/apache/sshd/common/kex/extension
   /KexExtensions.java:    
   public static final String STRICT_KEX_CLIENT_EXTENSION = 
"[email protected]";
       public static final String STRICT_KEX_SERVER_EXTENSION = 
"[email protected]";
   
   
sshd-core/src/main/java/org/apache/sshd/common/session/helpers/AbstractSession.java
       @Override
       protected String resolveSessionKexProposal(String hostKeyTypes) throws 
IOException {
           String proposal = super.resolveSessionKexProposal(hostKeyTypes);
           // see https://tools.ietf.org/html/rfc8308
           KexExtensionHandler extHandler = getKexExtensionHandler();
           if ((extHandler == null) || 
(!extHandler.isKexExtensionsAvailable(this, AvailabilityPhase.PROPOSAL))) {
               return proposal;
           }
   
           String extType = isServerSession() ? 
KexExtensions.SERVER_KEX_EXTENSION : KexExtensions.CLIENT_KEX_EXTENSION;
           if (GenericUtils.isEmpty(proposal)) {
               return extType;
           } else {
               return proposal + "," + extType;
           }
   ```
   
   
   ### Other information
   
   NA


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to