[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: libssh-0.4.5 - Problem with some ciphers

Hi Uday,

This is similar to a bug we had in an older CentOS/RHEL 4. The CTR
algorithm implemented by libssl is not compatible (!) with newer
releases. Hence, the BROKEN_AES_CTR flag defined when libssl older than
known broken version is used, aes128-ctr is disabled.

Could you provide me:
-Linux distribution (client) which are demonstrating the wrong behaviour
-libcrypto version used on this distribution
-Maybe the output of the verbose mode of libssh

What's new in your report is that aes256-cbc and aes192-cbc were
broken. are you sure the change in kex.c was mandatory ?
Otherwise, does libssh 0.4.5 replaces well libssh 0.3.4 ?

You can have more information on the bug there:



Uday Tennety a écrit :
> Hello Aris,
> We noticed a problem with libssh using ciphers other than aes128-cbc for
> communication. We were previously using libssh-0.3.4, which used
> aes128-cbc for communication and it was working fine.  We now started
> using the new library i.e libssh-0.4.5 and we were unable to connect to
> our Network Elements or Linux machines.
> Upon investigation, we found that  we cannot connect to our Linux
> machines or our Network Elements when the libssh library makes use of
> aes256-ctr, aes256-cbc or aes192-cbc ciphers for ssh communication. But
> we do not see this problem while connecting to Solaris machines.
> In order to make libssh-0.4.5 to work for us, we had to make the
> following changes:
> After compilation and before running the 'make' command
> A) Open libssh-0.4.5/build/libssh/config.h
> Add the following line:
>  #define BROKEN_AES_CTR 1
> B) Open libssh-0.4.5/libssh/kex.c
> Comment the following statement and add the statement with aes128-cbc
> instead:
> //#define AES "aes256-cbc,aes192-cbc,aes128-cbc,"
> #define AES "aes128-cbc,"
> Please let me know if this is a problem with the compatibility of these
> ciphers with libssh library or something that we need to change in our
> environment here. Let me know if you need further information.
> Thanks for your help.
> Uday.

Re: libssh-0.4.5 - Problem with some ciphersUday Tennety <uday.tennety@xxxxxxxxxxxxxx>
libssh-0.4.5 - Problem with some ciphersUday Tennety <uday.tennety@xxxxxxxxxxxxxx>
Archive administrator: postmaster@lists.cynapses.org