tomaswolf opened a new pull request #205: URL: https://github.com/apache/mina-sshd/pull/205
Once SSH_MSG_NEWKEYS is sent, any subsequent packet sent must use the new encoding settings. Once SSH_MSG_NEWKEYS is received, the new encoding settings are to be used for any message received. So set the cipher/mac/compression separately for outgoing and incoming messages in sendNewKeys() and handleNewKeys().

Previously, we set both only in handleNewKeys(), i.e., when the peer's SSH_MSG_NEWKEYS was received. This made implementing a KEX extension handler more complicated than necessary since it had to delay sending the SSH_MSG_EXT_INFO packet until after the peer's SSH_MSG_NEWKEYS was received. RFC 8308 recommends that "the server sends its SSH_MSG_EXT_INFO not only as the next packet after SSH_MSG_NEWKEYS, but without delay". This is now possible since the output settings are already set up correctly.

SSH_MSG_EXT_INFO is always sent and received after SSH_MSG_NEWKEYS, and the Apache MINA sshd implementation guarantees that either party handles the peer's SSH_MSG_NEWKEYS *after* having sent its own SSH_MSG_NEWKEYS.
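
The ordering described in this pull request, as an added example that is not part of the pull request or of Apache MINA sshd's code: a hypothetical `Endpoint` model in which string labels stand in for the cipher/MAC/compression settings and a label mismatch stands in for a decode failure. It compares switching each direction at its own SSH_MSG_NEWKEYS with switching both only on receipt, when the server sends SSH_MSG_EXT_INFO directly after its own SSH_MSG_NEWKEYS.

```java
import java.util.ArrayDeque;
import java.util.Deque;

// Hypothetical model of the key switch; none of these classes are MINA sshd's.
public class NewKeysDirectionDemo {
    static final int SSH_MSG_EXT_INFO = 7, SSH_MSG_NEWKEYS = 21; // RFC 8308, RFC 4253

    static class Endpoint {
        final boolean perDirection;  // true: behaviour described in the PR; false: previous behaviour
        final Deque<String[]> inbox = new ArrayDeque<>(); // packets in flight: {msg, keys used}
        Endpoint peer;
        String outKeys = "initial", inKeys = "initial";   // stand-ins for cipher/MAC/compression
        Endpoint(boolean perDirection) { this.perDirection = perDirection; }
        void send(int msg) { peer.inbox.add(new String[] {String.valueOf(msg), outKeys}); }

        void sendNewKeys() {
            send(SSH_MSG_NEWKEYS);                    // NEWKEYS itself goes out under the old settings
            if (perDirection) outKeys = "negotiated"; // every later outgoing packet uses the new ones
        }

        // Handle queued packets; returns false if one cannot be decoded with the current input keys.
        boolean drain() {
            for (String[] p; (p = inbox.poll()) != null; ) {
                if (!p[1].equals(inKeys)) return false;
                if (Integer.parseInt(p[0]) == SSH_MSG_NEWKEYS) {
                    inKeys = "negotiated";                     // handleNewKeys(): incoming direction
                    if (!perDirection) outKeys = "negotiated"; // previously both were switched here
                }
            }
            return true;
        }
    }

    // Server sends SSH_MSG_EXT_INFO directly after its own NEWKEYS, before reading the client's.
    static boolean extInfoWithoutDelay(boolean perDirection) {
        Endpoint client = new Endpoint(perDirection), server = new Endpoint(perDirection);
        client.peer = server;
        server.peer = client;
        client.sendNewKeys();
        server.sendNewKeys();
        server.send(SSH_MSG_EXT_INFO);
        return client.drain() && server.drain();
    }

    public static void main(String[] args) {
        System.out.println("per-direction switch: " + extInfoWithoutDelay(true));
        System.out.println("switch on receipt only: " + extInfoWithoutDelay(false));
    }
}
```

With the per-direction switch the client decodes the early SSH_MSG_EXT_INFO; with the switch on receipt only, that packet is still protected with the initial settings when the client already expects the negotiated ones, which is why the handler previously had to delay it.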
