author | Hans Nilsson <[email protected]> | 2017-05-16 11:52:45 +0200 |
---|---|---|
committer | Hans Nilsson <[email protected]> | 2017-05-17 15:18:28 +0200 |
commit | 4d7ff0a8169141d18335638cf7c6e48d4c18cdf2 (patch) | |
tree | 61b2296345cc53eaa6b371b1606ba3dacda706c7 | |
parent | 90de09b680d33bf4e048771381134ac8d7e0fa70 (diff) | |
ssh: disable rsa-sha2-* for clients
because there is a bug in the client verification code for those algorithms
-rw-r--r-- | lib/ssh/src/ssh_options.erl | 29 |
1 files changed, 22 insertions, 7 deletions
diff --git a/lib/ssh/src/ssh_options.erl b/lib/ssh/src/ssh_options.erl
index aebb5a7062..12c0190082 100644
--- a/lib/ssh/src/ssh_options.erl
+++ b/lib/ssh/src/ssh_options.erl
@@ -392,6 +392,12 @@ default(server) ->
 class => user_options
 },
+ {preferred_algorithms, def} =>
+ #{default => ssh:default_algorithms(),
+ chk => fun check_preferred_algorithms/1,
+ class => user_options
+ },
+
 %%%%% Undocumented
 {infofun, def} =>
 #{default => fun(_,_,_) -> void end,
@@ -430,11 +436,26 @@ default(client) ->
 },
 {pref_public_key_algs, def} =>
- #{default => ssh_transport:default_algorithms(public_key),
+ #{default => ssh_transport:default_algorithms(public_key) -- ['rsa-sha2-256',
+ 'rsa-sha2-512'],
 chk => fun check_pref_public_key_algs/1,
 class => user_options
 },
+ {preferred_algorithms, def} =>
+ #{default => [{K,Vs} || {K,Vs0} <- ssh:default_algorithms(),
+ Vs <- [case K of
+ public_key ->
+ Vs0 -- ['rsa-sha2-256',
+ 'rsa-sha2-512'];
+ _ ->
+ Vs0
+ end]
+ ],
+ chk => fun check_preferred_algorithms/1,
+ class => user_options
+ },
+
 {dh_gex_limits, def} =>
 #{default => {1024, 6144, 8192}, % FIXME: Is this true nowadays?
 chk => fun({Min,I,Max}) ->
@@ -500,12 +521,6 @@ default(common) ->
 class => user_options
 },
- {preferred_algorithms, def} =>
- #{default => ssh:default_algorithms(),
- chk => fun check_preferred_algorithms/1,
- class => user_options
- },
-
 {id_string, def} =>
 #{default => undefined, % FIXME: see ssh_transport:ssh_vsn/0
 chk => fun(random) -> |
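Review bot: The two client defaults in the `default(client)` hunk (`pref_public_key_algs` and the `public_key` entry of `preferred_algorithms`) only remove 'rsa-sha2-256' and 'rsa-sha2-512' from the default values, so a client that sets either option explicitly with those names would presumably still reach the verification code the commit message describes as buggy. The `chk` functions are outside the hunk, so it is worth confirming whether they should reject the two names on the client side until the bug is fixed. The exclusion list is also written out twice with no comment, which lets the two defaults drift apart and gives no hint that the restriction is temporary. I would name it once (suggested name), `-define(CLIENT_DISABLED_PK_ALGS, ['rsa-sha2-256', 'rsa-sha2-512']). % temporary: bug in client-side verification, re-enable when fixed`, and write `-- ?CLIENT_DISABLED_PK_ALGS` in both places. With that in place the `Vs <- [case K of ... end]` generator could become a plain `lists:map/2` over `ssh:default_algorithms()`, which is easier to read.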