]> git.ipfire.org Git - thirdparty/openssh-portable.git/commit
projects / thirdparty / openssh-portable.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8e4bd6e) | patch
upstream: Check if dbclient supports SHA1 before trying SHA1-based V_9_9 anongit/V_9_9 github-selfhosted/V_9_9 github/V_9_9
authordtucker@openbsd.org <dtucker@openbsd.org>
Tue, 11 Mar 2025 07:42:08 +0000 (07:42 +0000)
committerDarren Tucker <dtucker@dtucker.net>
Sun, 16 Mar 2025 04:00:02 +0000 (15:00 +1100)
commit3eeda15eb9d3b9f2fd762ba3493ba88abe6bbcd9
treed9a0a156c61d54eca7a32c17c5191ad0e364afb2tree
parent8e4bd6ebdbde0ff22e0c1c1f1a134ef255af7595commit | diff
upstream: Check if dbclient supports SHA1 before trying SHA1-based

KEX.

Dropbear 2025.87 removed SHA1 support by default, which means
diffie-hellman-group14-sha1 is not available.  Unfortunately there isn't a
flag to query supported KEX, so instead check MACs and if it doesn't have
SHA1 methods, assuming SHA1 based KEXes are likewise not available.  Spotted
by anton@.

OpenBSD-Regress-ID: acfa8e26c001cb18b9fb81a27271c3b51288d304
regress/dropbear-kex.sh diff | blob | blame | history
Mirror of https://github.com/openssh/openssh-portable.git