[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: libssh-0.4.1 breaks application

Subject: Re: libssh-0.4.1 breaks application
From: Aris Adamantiadis <aris@xxxxxxxxxxxx>
Reply-to: libssh@xxxxxxxxxx
Date: Tue, 02 Mar 2010 09:20:37 +0100
To: libssh@xxxxxxxxxx

Hi Eugene,

This is due to two fixes issued in 0.4.1:
-introduction of aes128-ctr, aes192-ctr and aes256-ctr
-Change in client key selector which gives the client priority on the
algorithms to choose.

I'd say it's a feature and not a bug. aes256-cbc is left for
compatibility but by default, aes256-ctr is choosen. The latter is more
secure and fix a cryptographic bug in the cbc version.

Do these changes really impact the performances or usability of your
application ? In last resort, you can set the preferred keys using
ssh_set_options().

Aris

Eugene Starozhilov a écrit :
> Hi,
> 
> I just moved my application which uses sever libssh API from
> libssh-0.4.0 to libssh-0.4.1. Now client and server choose different
> encryption algorithms during key negotiation. This problem can be
> reproduced using samplesshd as server and ssh as a client.
> 
> CLIENT (ssh)
> 
> debug2: mac_init: found hmac-sha1
> 
> debug1: kex: server->client aes128-cbc hmac-sha1 none
> 
> debug2: mac_init: found hmac-sha1
> 
> debug1: kex: client->server aes128-cbc hmac-sha1 none
> 
> SERVER (samplesshd)
> 
> [3] Type 20
> 
> [3] Set output algorithm aes256-ctr
> 
> [3] Set input algorithm aes256-ctr
> 
> 
> Any suggestions how to fix the problem will be greatly appreciated.
> Thanks,
> Eugene
> 
>

Follow-Ups:
Re: libssh-0.4.1 breaks application	Eugene Starozhilov <estarozhilov@xxxxxxxxx>

References:
libssh-0.4.1 breaks application	Eugene Starozhilov <estarozhilov@xxxxxxxxx>

Archive administrator: postmaster@lists.cynapses.org