CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2021/08/29 17:53:10
Modified files:
usr.bin/ssh : myproposal.h
Log message:
After years of forewarning, disable the RSA/SHA-1 signature algorithm
by default. It is feasible to create colliding SHA1 hashes, so we
need to deprecate its use.
RSA/SHA-256/512 remains available and will be transparently selected
instead of RSA/SHA1 for most SSH servers released in the last five+
years. There is no need to regenerate RSA keys.
The use of RSA/SHA1 can be re-enabled by adding "ssh-rsa" to the
PubkeyAcceptedAlgorithms directives on the client and server.
ok dtucker deraadt
