jvz edited a comment on pull request #132:
URL: https://github.com/apache/mina-sshd/pull/132#issuecomment-637901360


   Found one OSS implementation of the RFC version (disabled by default) in Erlang OTP. Seems like the ambiguity about requiring a MAC with an AEAD cipher caused OpenSSH to create their variant in the first place. Docs: https://manpages.ubuntu.com/manpages/bionic/man7/ssh.7.html

   More notes here about the official ciphers: https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml

   In RFC 4253, we have the following:

   > The chosen encryption algorithm to each direction MUST be the first algorithm on the client's name-list that is also on the server's name-list.

   and

   > The chosen MAC algorithm MUST be the first algorithm on the client's name-list that is also on the server's name-list.

   Then we go back to RFC 5647 which says:

   > If AES-GCM is selected as the encryption algorithm for a given tunnel, AES-GCM MUST also be selected as the Message Authentication Code (MAC) algorithm.  Conversely, if AES-GCM is selected as the MAC algorithm, it MUST also be selected as the encryption algorithm.

   I'll note this ambiguity is avoided in the OpenSSH ChaCha protocol: https://cvsweb.openbsd.org/src/usr.bin/ssh/PROTOCOL.chacha20poly1305?annotate=HEAD

   Edit: I found another project: https://commoncriteria.github.io/pp/ssh/ssh-release.html
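
The negotiation conflict quoted above, as an added example that is not part of the original comment or of the mina-sshd code base: it applies the RFC 4253 first-match rule to cipher and MAC independently, checks the result against the RFC 5647 requirement, and contrasts the OpenSSH behaviour of ignoring the MAC lists once an AEAD cipher is chosen. The algorithm names are real; the name-lists, the function names and the `<implicit>` marker are assumptions made for illustration.

```python
# Added illustration: algorithm names are real, the name-lists are constructed.
RFC5647_AEAD = {"AEAD_AES_128_GCM", "AEAD_AES_256_GCM"}
OPENSSH_AEAD = {"aes128-gcm@openssh.com", "aes256-gcm@openssh.com",
                "chacha20-poly1305@openssh.com"}

# Constructed offer: the client prefers AES-GCM as cipher but an HMAC as MAC.
C_ENC = ["AEAD_AES_128_GCM", "aes128-ctr"]
S_ENC = ["aes128-ctr", "AEAD_AES_128_GCM"]
C_MAC = ["hmac-sha2-256", "AEAD_AES_128_GCM"]
S_MAC = ["AEAD_AES_128_GCM", "hmac-sha2-256"]


def first_match(client, server):
    """RFC 4253 rule: first name on the client's list that the server also lists."""
    return next((name for name in client if name in server), None)


def negotiate_rfc4253(c_enc, s_enc, c_mac, s_mac):
    """Cipher and MAC are each picked independently by the first-match rule."""
    return first_match(c_enc, s_enc), first_match(c_mac, s_mac)


def rfc5647_consistent(enc, mac):
    """RFC 5647 rule, read here as: AES-GCM cipher if and only if the same name is the MAC."""
    if enc in RFC5647_AEAD or mac in RFC5647_AEAD:
        return enc == mac
    return True


def negotiate_openssh_style(c_enc, s_enc, c_mac, s_mac):
    """OpenSSH variant: an AEAD cipher carries its own tag, so the MAC lists are ignored."""
    enc = first_match(c_enc, s_enc)
    if enc in OPENSSH_AEAD:
        return enc, "<implicit>"  # no common MAC is required
    return enc, first_match(c_mac, s_mac)


if __name__ == "__main__":
    enc, mac = negotiate_rfc4253(C_ENC, S_ENC, C_MAC, S_MAC)
    print("RFC 4253 picks:", enc, mac, "| RFC 5647 satisfied:", rfc5647_consistent(enc, mac))
    print("OpenSSH style:", negotiate_openssh_style(
        ["aes128-gcm@openssh.com", "aes128-ctr"], ["aes128-ctr", "aes128-gcm@openssh.com"],
        ["hmac-sha2-256"], ["hmac-sha1"]))
```

With these lists both peers follow RFC 4253 correctly and still land on a cipher/MAC pair that RFC 5647 forbids, which is the case an implementation has to resolve explicitly.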

