- djm@cvs.openbsd.org 2014/04/18 23:52:25
     [compat.c compat.h sshconnect2.c sshd.c version.h]
     OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections
     using the curve25519-sha256@libssh.org KEX exchange method to fail
     when connecting with something that implements the spec properly.

     Disable this KEX method when speaking to one of the affected
     versions.

     reported by Aris Adamantiadis; ok markus@
diff --git a/sshconnect2.c b/sshconnect2.c
index f123194..b1aa69c 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.205 2014/03/27 23:01:27 markus Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.206 2014/04/18 23:52:25 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Damien Miller.  All rights reserved.
@@ -196,6 +196,8 @@
 	}
 	if (options.kex_algorithms != NULL)
 		myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms;
+	myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
+	    myproposal[PROPOSAL_KEX_ALGS]);
 
 	if (options.rekey_limit || options.rekey_interval)
 		packet_set_rekey_limits((u_int32_t)options.rekey_limit,
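Review bot: The added `compat_kex_proposal()` call has no comment explaining why it sits after the `options.kex_algorithms` override, and that ordering is the part a later maintainer must not undo: it means a user-supplied KexAlgorithms list is filtered as well, so configuration cannot re-offer the method to an affected peer. I would add `/* Filter after the user's list is applied: never offer curve25519-sha256@libssh.org to affected 6.5/6.6 peers */` above the call. The helper lives in compat.c, outside this hunk, so it is not visible here whether it handles a filter result that is empty (for example a configuration listing only curve25519-sha256@libssh.org); that case should stop with a clear error rather than send an empty KEX name-list. The enclosing function begins and ends outside the hunk, so I am assuming the peer's version string has already been parsed when this line runs.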