[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: master has no DES encryption cipher policy
[Thread Prev] | [Thread Next]
- Subject: Re: master has no DES encryption cipher policy
- From: Dmitriy Kuznetsov <dk@xxxxxxxxx>
- Reply-to: libssh@xxxxxxxxxx
- Date: Wed, 5 Sep 2012 19:13:25 +0400
- To: libssh@xxxxxxxxxx
Sorry for the lack of detail, I can not connect to some legacy device, log are:
---
: libssh 0.6.0 (c) 2003-2010 Aris Adamantiadis (aris@xxxxxxxxxxxx)
Distributed under the LGPL, please refer to COPYING file for
information about your rights, using threading threads_noop
: host 10.111.115.86 matches an IP address
: Nonblocking connection socket: 1868
: Socket connecting, now waiting for the callbacks to work
: ssh_connect: Actual timeout : 60000
: Received POLLOUT in connecting state
: Socket connection callback: 1 (0)
: Received banner: SSH-1.5-OpenSSH_3.7.1p3
: SSH server banner: SSH-1.5-OpenSSH_3.7.1p3
: Analyzing banner: SSH-1.5-OpenSSH_3.7.1p3
: We are talking to an OpenSSH client version: 3.7 (30700)
: Enabling POLLOUT for socket
: Reading a 271 bytes packet
: 1 bytes padding
: The packet is valid
: Dispatching handler for packet type 2
: Got a SSH_SMSG_PUBLIC_KEY
: Server bits: 768; Host bits: 1024; Protocol flags: 00000002; Cipher
mask: 00000004; Auth mask: 0000002c
ssh_packet_publickey1: Error: Remote server doesn't accept 3DES
: ssh_connect: Actual state : 9
---
function 'ssh_packet_publickey1' no support DES now, only 3DES:
--- ssh_packet_publickey1-from-kex.c-0.5.2 Wed Sep 5 19:11:38 2012
+++ ssh_packet_publickey1-from-kex1.c-0.5.9 Wed Sep 5 19:11:49 2012
@@ -15,8 +15,6 @@
ssh_string enc_session = NULL;
uint16_t bits;
int ko;
- uint32_t have3Des;
- uint32_t haveDes;
enter_function();
(void)type;
(void)user;
@@ -25,7 +23,7 @@
ssh_set_error(session,SSH_FATAL,"SSH_KEXINIT received in wrong state");
goto error;
}
- if (buffer_get_data(packet, session->server_kex.cookie, 8) != 8) {
+ if (buffer_get_data(packet,
session->next_crypto->server_kex.cookie, 8) != 8) {
ssh_set_error(session, SSH_FATAL, "Can't get cookie in buffer");
goto error;
}
@@ -102,10 +100,7 @@
/* now, we must choose an encryption algo */
/* hardcode 3des */
- //
- have3Des = (supported_ciphers_mask & (1<<SSH_CIPHER_3DES));
- haveDes = (supported_ciphers_mask & (1<<SSH_CIPHER_DES));
- if(!have3Des && ! haveDes){
+ if (!(supported_ciphers_mask & (1 << SSH_CIPHER_3DES))) {
ssh_set_error(session, SSH_FATAL, "Remote server doesn't accept 3DES");
goto error;
}
@@ -114,12 +109,10 @@
if (buffer_add_u8(session->out_buffer, SSH_CMSG_SESSION_KEY) < 0) {
goto error;
}
-
- if (buffer_add_u8(session->out_buffer,have3Des?SSH_CIPHER_3DES:SSH_CIPHER_DES)
< 0) {
+ if (buffer_add_u8(session->out_buffer, SSH_CIPHER_3DES) < 0) {
goto error;
}
-
- if (buffer_add_data(session->out_buffer,
session->server_kex.cookie, 8) < 0) {
+ if (buffer_add_data(session->out_buffer,
session->next_crypto->server_kex.cookie, 8) < 0) {
goto error;
}
@@ -150,8 +143,8 @@
}
/* we can set encryption */
- if(crypt_set_algorithms(session, have3Des?0:1)){
- goto error;
+ if (crypt_set_algorithms(session)) {
+ goto error;
}
session->current_crypto = session->next_crypto;
2012/9/5 Andreas Schneider <asn@xxxxxxxxxxxxxx>:
> On Wednesday 05 September 2012 17:46:59 you wrote:
>> Why DES was removed from master ? There are 3DES only.
>> There are many legacy devices that supports DES only.
>> 0.5.2 branch support DES & 3DES, Can support of DES be restored in master ?
>
> What do you mean exactly? Please give more details.
>
> We didn't remove any DES support.
>
>
>
> -- andreas
>
> --
> Andreas Schneider GPG-ID: F33E3FC6
> www.cryptomilk.org asn@xxxxxxxxxxxxxx
>
>
| Re: master has no DES encryption cipher policy | Aris Adamantiadis <aris@xxxxxxxxxxxx> |
| master has no DES encryption cipher policy | Dmitriy Kuznetsov <dk@xxxxxxxxx> |
| Re: master has no DES encryption cipher policy | Andreas Schneider <asn@xxxxxxxxxxxxxx> |