git.ipfire.org Git - ipfire-2.x.git/commit

author	Peter Müller <peter.mueller@ipfire.org>
	Sun, 28 Sep 2025 21:06:00 +0000 (21:06 +0000)
committer	Michael Tremer <michael.tremer@ipfire.org>
	Tue, 30 Sep 2025 08:55:53 +0000 (08:55 +0000)
commit	345edfb9b4d2ba3eb76f2ac06647ebd7b774d09a
tree	9d8a045a35f27b41671170d3ccfe68e419a79323	tree \| snapshot
parent	98f14a3863aa34b492c8f2d984895f5d837260cd	commit \| diff

OpenSSH: Amend upstream default cipher changes

This patch implements the following change made to OpenSSH server
upstream in version 10.0:

* sshd(8): this release disables finite field (a.k.a modp)
   Diffie-Hellman key exchange in sshd by default. Specifically,
   this removes the "diffie-hellman-group*" and
   "diffie-hellman-group-exchange-*" methods from the default
   KEXAlgorithms list. The client is unchanged and continues to
   support these methods by default. Finite field Diffie Hellman
   is slow and computationally expensive for the same security
   level as Elliptic Curve DH or PQ key agreement while offering
   no redeeming advantages. ECDH has been specified for the SSH
   protocol for 15 years and some form of ECDH has been the default
   key exchange in OpenSSH for the last 14 years.

In addition, for both OpenSSH server and client, the following upstream
change made in version 9.9 is implemented:

* ssh(1): the hybrid post-quantum algorithm mlkem768x25519-sha256
   is now used by default for key agreement. This algorithm is
   considered to be safe against attack by quantum computers,
   is guaranteed to be no less strong than the popular
   curve25519-sha256 algorithm, has been standardised by NIST
   and is considerably faster than the previous default.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

config/ssh/ssh_config		diff \| blob \| blame \| history
config/ssh/sshd_config		diff \| blob \| blame \| history