On Thursday, 14 June 2018 16:03:29 CEST Andreas Schneider wrote:
> On Wednesday, 13 June 2018 16:35:16 CEST Andreas Schneider wrote:
> > On Saturday, 9 June 2018 01:58:57 CEST Jon Simons wrote:
> > > On 6/8/18 7:09 AM, Andreas Schneider wrote:
> > > > I'm currently working on chacha20 to merge Aris his work. There are
> > > > two
> > > > pkd
> > > > patches from you which don't have a Signed-off-by tag from you.
> > > >
> > > > Could you please give me the permission to add it or send the attached
> > > > patch back with them?
> > > >
> > > > Also, could you test this patchset?
> > >
> > > Excited to see the chacha20 work headed to master.
> > >
> > > I gave the patchset some review and testing this afternoon and I've
> > > attached>
> > >
> > > a respin of the patchset that includes:
> > > * fixes for current master pkd:
> > > https://www.libssh.org/archive/libssh/2018-05/0000009.html * the older
> > > chacha20 patches now with my Signed-off
> > >
> > > * a couple of minor adjustments plus fix for the mbedTLS build
> > >
> > > These should apply cleanly on to
> > > 0940b0f29b4fef86e56dffdd13d978f9692b78fc.
> > >
> > > I tested this series with these combinations of pkd:
> > > * Debian Jessie with OpenSSL 1.0.1, libgcrypt20
> > > * Debian Stretch with OpenSSL 1.1.0, libgcrypt20, mbedTLS
> > >
> > > Please let me know if I can be of any further help or if you'd like to
> > > see any changes to the adjustments I made. I can also send out the
> > > patches
> > > in another format if that would be helpful.
> >
> > Also the pkd test doesn't work on Fedora 26. The reason is the default
> > config. There is:
> >
> > /etc/ssh/ssh_config.d/05-redhat.conf
> >
> > which includes
> >
> > /etc/crypto-policies/back-ends/openssh.config
> >
> > and that files sets:
> >
> > Ciphers [email protected],[email protected],aes256-
> > ctr,aes256-cbc,[email protected],aes128-ctr,aes128-cbc
> > MACs [email protected],[email protected],umac-128-
> > [email protected],[email protected],hmac-sha2-256,hmac-
> > sha1,[email protected],hmac-sha2-512
> > GSSAPIKexAlgorithms gss-gex-sha1-,gss-group14-sha1-
> > KexAlgorithms [email protected],ecdh-sha2-nistp256,ecdh-sha2-
> > nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-
> > hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-
> > exchange-sha1,diffie-hellman-group14-sha1
> >
> >
> > So you're not allowed to use certain ciphers!
> >
> >
> > So you need to create a ssh config file and use 'ssh -F configfile' which
> > already sets the above to allow all ciphers we want to test.
> >
> > Andreas
>
> Looks like openssh removed support for ssh-dss. At least my openssh 7.7
> doesn't know about it at all.
>
> I would remove it from libssh after the release of 0.8 together with SSHv1
> support.
>
> I think we can remove it from pkd already? Comments?
Same for blowfish_cbc.
Andreas
--
Andreas Schneider GPG-ID: CC014E3D
www.cryptomilk.org [email protected]
