tomaswolf commented on issue #803: URL: https://github.com/apache/mina-sshd/issues/803#issuecomment-3299055255
This is documented at https://github.com/apache/mina-sshd/blob/master/docs/standards.md#implementedavailable-support . It's quite simple actually: if Java supports the algorithm in Java 8, Apache MINA supports it. Otherwise Bouncy Castle is needed (the PQC algorithms, ed25519, or curve25519/curve448 key exchange). For ed25519, net.i2p.crypto:eddsa:0.3.0 can also be used. On Java 11+, curve25519/curve448 key exchange is also supported on the plain JDK. For 3.0, we plan to support JDK ed25519 on Java 15+, too, and on Java 24+ also the JDK ML-KEM key exchanges.

For AES encryption and the SHA HMacs, the SunJCE implementations (native) are preferred (by default) over BouncyCastle (typically non-native code and thus slower).

And yes, we are aware of the "signature malleability" CVE reported against net.i2p.crypto:eddsa:0.3.0. First, we fix that as of 2.17.0 [in our code](https://github.com/apache/mina-sshd/commit/362758d2d), and second, I think signature malleability is irrelevant in the SSH protocol.
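To see which of the algorithms named in this comment the running JDK provides on its own, the following added example (not part of the comment and not Apache MINA SSHD code) queries the installed JCA providers. The names `X25519`, `X448`, `Ed25519` and `ML-KEM` are the JDK's standard algorithm names, assumed here; they do not appear in the comment.

```java
import java.security.Provider;
import java.security.Security;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.Mac;

// Added example: run it without Bouncy Castle or net.i2p.crypto:eddsa on the
// class path to see what the plain JDK offers. Compiles on Java 8 and later.
public class JcaProbe {

    // True if any installed provider registers `algorithm` for `service`.
    static boolean available(String service, String algorithm) {
        for (String name : Security.getAlgorithms(service)) {
            if (name.equalsIgnoreCase(algorithm)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("java.version = " + System.getProperty("java.version"));

        // Algorithm -> JCA service type (standard JDK names, assumed).
        Map<String, String> probes = new LinkedHashMap<>();
        probes.put("X25519", "KeyAgreement"); // curve25519 key exchange
        probes.put("X448", "KeyAgreement");   // curve448 key exchange
        probes.put("Ed25519", "Signature");   // ed25519 host and user keys
        probes.put("ML-KEM", "KEM");          // PQC key exchange
        for (Map.Entry<String, String> p : probes.entrySet()) {
            boolean ok = available(p.getValue(), p.getKey());
            System.out.printf("%-8s %-12s %s%n", p.getKey(), p.getValue(),
                    ok ? "available" : "missing, extra provider needed");
        }

        // Which provider the JVM's own preference order picks for AES and HMAC.
        Cipher aes = Cipher.getInstance("AES/CTR/NoPadding");
        Mac hmac = Mac.getInstance("HmacSHA256");
        System.out.println("AES/CTR    -> " + aes.getProvider().getName());
        System.out.println("HmacSHA256 -> " + hmac.getProvider().getName());

        for (Provider p : Security.getProviders()) {
            System.out.println("installed provider: " + p.getName());
        }
    }
}
```

The provider lines show the JVM's default preference order only; they do not show which implementation Apache MINA SSHD itself selects.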
