aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHans Nilsson <[email protected]>2017-05-16 11:52:45 +0200
committerHans Nilsson <[email protected]>2017-05-17 15:18:28 +0200
commit4d7ff0a8169141d18335638cf7c6e48d4c18cdf2 (patch)
tree61b2296345cc53eaa6b371b1606ba3dacda706c7
parent90de09b680d33bf4e048771381134ac8d7e0fa70 (diff)
downloadotp-4d7ff0a8169141d18335638cf7c6e48d4c18cdf2.tar.gz
otp-4d7ff0a8169141d18335638cf7c6e48d4c18cdf2.tar.bz2
otp-4d7ff0a8169141d18335638cf7c6e48d4c18cdf2.zip
ssh: disable rsa-sha2-* for clients
because there is a bug in the client verification code for those algorithms
-rw-r--r--lib/ssh/src/ssh_options.erl29
1 files changed, 22 insertions, 7 deletions
diff --git a/lib/ssh/src/ssh_options.erl b/lib/ssh/src/ssh_options.erl
index aebb5a7062..12c0190082 100644
--- a/lib/ssh/src/ssh_options.erl
+++ b/lib/ssh/src/ssh_options.erl
@@ -392,6 +392,12 @@ default(server) ->
class => user_options
},
+ {preferred_algorithms, def} =>
+ #{default => ssh:default_algorithms(),
+ chk => fun check_preferred_algorithms/1,
+ class => user_options
+ },
+
%%%%% Undocumented
{infofun, def} =>
#{default => fun(_,_,_) -> void end,
@@ -430,11 +436,26 @@ default(client) ->
},
{pref_public_key_algs, def} =>
- #{default => ssh_transport:default_algorithms(public_key),
+ #{default => ssh_transport:default_algorithms(public_key) -- ['rsa-sha2-256',
+ 'rsa-sha2-512'],
chk => fun check_pref_public_key_algs/1,
class => user_options
},
+ {preferred_algorithms, def} =>
+ #{default => [{K,Vs} || {K,Vs0} <- ssh:default_algorithms(),
+ Vs <- [case K of
+ public_key ->
+ Vs0 -- ['rsa-sha2-256',
+ 'rsa-sha2-512'];
+ _ ->
+ Vs0
+ end]
+ ],
+ chk => fun check_preferred_algorithms/1,
+ class => user_options
+ },
+
{dh_gex_limits, def} =>
#{default => {1024, 6144, 8192}, % FIXME: Is this true nowadays?
chk => fun({Min,I,Max}) ->
@@ -500,12 +521,6 @@ default(common) ->
class => user_options
},
- {preferred_algorithms, def} =>
- #{default => ssh:default_algorithms(),
- chk => fun check_preferred_algorithms/1,
- class => user_options
- },
-
{id_string, def} =>
#{default => undefined, % FIXME: see ssh_transport:ssh_vsn/0
chk => fun(random) ->