[jira] [Commented] (SSHD-1142) To pick up Mac/Cipher preferred values out of the default list

Wed, 17 Mar 2021 12:07:24 -0700 


    [ 
https://issues.apache.org/jira/browse/SSHD-1142?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17303670#comment-17303670
 ] 

Lyor Goldstein commented on SSHD-1142:
--------------------------------------

yes and no - please note that there are +2+ MAC/cipher/compressions being 
negotiated - one for data from client to server and the other for the other way 
around. While you can influence one of them (depending on whether you are the 
client or the server), the other is chosen by the peer according to its 
preferences. I strongly recommend re-reading [RFC 4253 - section 7.1 - 
Algorithm Negotiation|https://tools.ietf.org/html/rfc4253#section-7.1]

> To pick up Mac/Cipher preferred values out of the default list
> --------------------------------------------------------------
>
>                 Key: SSHD-1142
>                 URL: https://issues.apache.org/jira/browse/SSHD-1142
>             Project: MINA SSHD
>          Issue Type: Question
>            Reporter: Susmit Sarkar
>            Priority: Blocker
>
> Hello Lyor,
> I want to use a preferred value while configuring sftp adapter for both 
> cipher and mac algos:
> System.out.println(sshd.getMacFactories());
> [[email protected], [email protected], 
> [email protected], hmac-sha2-256, hmac-sha2-512, hmac-sha1, hmac-md5, 
> hmac-sha1-96, hmac-md5-96]
> Now if the customer wants a preferred value of *hmac-md5* how can I give it 
> priority compared to all other default ciphers?
> sshd.setMacFactoriesNames(Arrays.asList("hmac-md5"));
> This only sets to hmac-md5, but the list should contain all only the hmac-md5 
> will be in the priority order 1
> *[ hmac-md5]*
> [https://github.com/apache/mina-sshd/blob/master/docs/server-setup.md#configuring-ciphers-macs-digest]
> *One can configure other security components using built-in factories the 
> same way. It is important to remember though that the order of the factories 
> is important as it affects the key exchange phase where the client and server 
> decide what options to use out of each peer's reported preferences.*
>  
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to