Re: Need Your Valuable Inputs for diffie-hellman-group14-sha256
- Subject: Re: Need Your Valuable Inputs for diffie-hellman-group14-sha256
- From: Jakub Jelen <jjelen@xxxxxxxxxx>
- Reply-to: libssh@xxxxxxxxxx
- Date: Fri, 31 Jan 2020 17:29:53 +0100
- To: libssh@xxxxxxxxxx
- Cc: "V Sidnal, Nagraju" <nagraju.sidnal@xxxxxxxxxxx>
On Thu, 2020-01-30 at 15:22 +0100, Andreas Schneider wrote:
> On Thursday, 30 January 2020 13:39:42 CET V Sidnal, Nagraju wrote:
> > Dear Team,
>
> Hi Nagraju,
>
> > We want to use libssh for our application to interact with SSH
> > Server.
> > We would like to know if libssh supports KEY_EXCHANGE =
> > diffie-hellman-group14-sha256.
>
> we don't support it, as we have:
>
> diffie-hellman-group18-sha512, diffie-hellman-group16-sha512
>
> can't you use those? What is the reason for
> diffie-hellman-group14-sha256?

Hello,

The latest RFC mentioning this is RFC 8268 [1], which defines it as a
smooth transition (as the group14 is supported in all ssh
implementations and the change is only the digest), but recommends to
avoid this group in other paragraphs. I found also some old drafts
suggesting that this should be mandatory, but neither of them got
published as an RFC in the end.

If it will turn out useful and needed for interoperability with
particular peer, implementing this should be very easy as we already
have all the primitives. But otherwise I would say that we will not
want another key exchange method with very similar security as we
already have.

[1] https://tools.ietf.org/html/rfc8268

--
Jakub Jelen
Senior Software Engineer
Security Technologies
Red Hat, Inc.
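
The interoperability question raised in this thread comes down to how the two sides' key exchange name-lists intersect. The following is an added example, not part of the original message and not libssh code: a simplified sketch of the method selection rule from RFC 4253 section 7.1, run over constructed name-lists. `LIBSSH_SIDE` contains only the two methods named in the thread, and the peer lists are hypothetical.

```python
# Added example: SSH key-exchange method selection (RFC 4253, section 7.1).
# Simplified: ignores the host-key compatibility conditions of that section.

# MODP group size and hash per method, as defined in RFC 8268.
KEX_PARAMS = {
    "diffie-hellman-group14-sha256": (2048, "sha256"),
    "diffie-hellman-group16-sha512": (4096, "sha512"),
    "diffie-hellman-group18-sha512": (8192, "sha512"),
}

# Constructed name-lists. LIBSSH_SIDE holds only the two methods named in the
# thread; a real libssh build advertises more. The peer lists are hypothetical.
LIBSSH_SIDE = "diffie-hellman-group18-sha512,diffie-hellman-group16-sha512"
PEER_GROUP14_ONLY = "diffie-hellman-group14-sha256"
PEER_MIXED = "diffie-hellman-group14-sha256,diffie-hellman-group16-sha512"


def parse_name_list(name_list):
    """Split an SSH name-list (comma-separated, order is preference)."""
    return [name for name in name_list.split(",") if name]


def negotiate_kex(client_list, server_list):
    """Return the first client method the server also lists, or None."""
    server = set(parse_name_list(server_list))
    for name in parse_name_list(client_list):
        if name in server:
            return name
    return None  # no common method: the connection attempt fails


def report(client_list, server_list):
    """Describe the negotiated method with its group size and digest."""
    chosen = negotiate_kex(client_list, server_list)
    if chosen is None:
        return "no common key exchange method"
    bits, digest = KEX_PARAMS[chosen]
    return f"{chosen} ({bits}-bit MODP group, {digest})"


if __name__ == "__main__":
    # libssh acts as the client here, as in the use case from the thread.
    print(report(LIBSSH_SIDE, PEER_GROUP14_ONLY))
    print(report(LIBSSH_SIDE, PEER_MIXED))
```

A peer that offers only diffie-hellman-group14-sha256 has no method in common with the two listed here, while a peer that also offers one of the sha512 groups negotiates that group instead.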