c - netbsd version of openssh has support for "diffie-hellman-group-exchange-sha256" but not for SHA256 for macs -
i have old version of netbsd using. wanted configure openssh use strong ciphers , macs, when saw available macs did not have support sha256 , higher. macs supported are
macs[] = { { "hmac-sha1", ssh_evp, evp_sha1, 0, -1, -1 }, { "hmac-sha1-96", ssh_evp, evp_sha1, 96, -1, -1 }, { "hmac-md5", ssh_evp, evp_md5, 0, -1, -1 }, { "hmac-md5-96", ssh_evp, evp_md5, 96, -1, -1 }, { "hmac-ripemd160", ssh_evp, evp_ripemd160, 0, -1, -1 }, { "hmac-ripemd160@openssh.com", ssh_evp, evp_ripemd160, 0, -1, -1 }, #ifdef umac_has_been_unbroken { "umac-64@openssh.com", ssh_umac, null, 0, 128, 64 }, #endif { null, 0, null, 0, -1, -1 } };
but when check supported ciphers key exchange, find sha256 can used
#define kex_dh1 "diffie-hellman-group1-sha1" #define kex_dh14 "diffie-hellman-group14-sha1" #define kex_dhgex_sha1 "diffie-hellman-group-exchange-sha1" #define kex_dhgex_sha256 "diffie-hellman-group-exchange-sha256"
how that. if there implementation of sha256 in netbsd openssh, why isn't available mac cipher?
openssh 5.0 had support sha-256 key exchange algorithm, not macs sha-256 hashes. reference, there source code:
https://github.com/openssh/openssh-portable/blob/v_5_0_p1/myproposal.h
the sha256 usage in mac , in key exchange totally distinct , 1 not affect other. if sha256 used in either of them depends on availability of hash in underlying openssl, if openssh implemented such algorithm. 10 years ago (2007), implemented key exchange algorithm (the mac standardized later).
the original rfc4253 not list sha256 algorithms. dh key exchange method standardized in rfc4419 (2006), hmacs using sha2 standardized late in 2012 in rfc6668.
your version between them, there no standard not implemented.
Comments
Post a Comment