lgoldstein commented on PR #446: URL: https://github.com/apache/mina-sshd/pull/446#issuecomment-1871748071
> check that the receive sequence number of the peer's initial KEX_INIT is 1. If not, there were earlier messages, and they disconnect.

Done

> as long as initialKexDone == false, only allow KEX messages. Reception of any other message causes the party to disconnect.

You know the KEX code better than I do. I was not aware of this - please feel free to introduce it later on. However, I do have to ask why this is needed if the first step is implemented.

> When a party sends its own NEW_KEYS message, it resets the send sequence number to zero after having encoded the NEW_KEYS message itself. (So basically where it installs the new keys it also resets the message sequence counter.)

Done

> When a party receives a NEW_KEYS message, it resets the receive sequence number to zero after having decoded the message. (Same here: where we install the new keys, we also reset the counter.)

Done
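The four rules quoted in the comment above, modelled as a small state machine. This is an added example, not part of the comment and not Apache MINA SSHD code; the class and method names are hypothetical, the traces are constructed, and the counter convention and the point at which `initialKexDone` flips are assumptions noted in the comments.

```java
import java.util.List;

/** Toy model of the rules quoted above; illustrative, not Apache MINA SSHD code. */
public class StrictKexModel {
    static final int SSH_MSG_KEXINIT = 20, SSH_MSG_NEWKEYS = 21; // RFC 4253 numbers
    // Assumption: each counter holds the number the next packet will use, so
    // recvSeq reads 1 once the first packet has been decoded.
    private long recvSeq, sendSeq;
    private boolean initialKexDone; // assumption: set when the peer's NEW_KEYS arrives

    /** RFC 4253: 20-29 algorithm negotiation, 30-49 key exchange method specific. */
    static boolean isKexMessage(int cmd) { return cmd >= 20 && cmd <= 49; }

    /** Returns null if the packet is accepted, otherwise the reason to disconnect. */
    String receive(int cmd) {
        recvSeq++;
        if (!initialKexDone) {
            if (cmd == SSH_MSG_KEXINIT && recvSeq != 1) return "KEX_INIT was not the first message";
            if (!isKexMessage(cmd)) return "message " + cmd + " received during initial KEX";
        }
        if (cmd == SSH_MSG_NEWKEYS) { // keys are installed here, so the counter restarts
            recvSeq = 0;
            initialKexDone = true;
        }
        return null;
    }

    /** Returns the sequence number the outgoing packet was encoded with. */
    long send(int cmd) {
        long used = sendSeq++;
        if (cmd == SSH_MSG_NEWKEYS) sendSeq = 0; // reset only after NEW_KEYS is encoded
        return used;
    }

    static String run(List<Integer> trace) {
        StrictKexModel m = new StrictKexModel();
        for (int cmd : trace) {
            String reason = m.receive(cmd);
            if (reason != null) return "disconnect: " + reason;
        }
        return "accepted, recvSeq=" + m.recvSeq;
    }

    public static void main(String[] args) {
        // Constructed traces of received message numbers (2 = SSH_MSG_IGNORE).
        System.out.println(run(List.of(20, 30, 21, 5))); // clean exchange, then a service request
        System.out.println(run(List.of(20, 2, 30, 21))); // extra message after KEX_INIT
        System.out.println(run(List.of(30, 20)));        // KEX_INIT arrives second
        StrictKexModel m = new StrictKexModel();
        m.send(20); m.send(30);
        System.out.println("NEW_KEYS sent as " + m.send(21) + ", next packet as " + m.send(5));
    }
}
```

In the second trace the KEX_INIT check passes and only the message-type check rejects the connection; in the third the opposite holds, so the model exercises the two checks separately.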