Hello Atsuhiko, thanks for your answer. Yes I will likely file an Eclipse Bugzilla bug for this. Just wondering, why couldn't the core jsch library try and auto-detect what algorightms are available?
Thanks, -- Martin Oberhuber Wind River Systems, Inc. Target Management Project Lead, DSDP PMC Member http://www.eclipse.org/dsdp/tm > -----Original Message----- > From: Atsuhiko Yamanaka [mailto:[EMAIL PROTECTED] > Sent: Wednesday, August 01, 2007 8:54 AM > To: Oberhuber, Martin > Cc: jsch-users@lists.sourceforge.net > Subject: Re: [JSch-users] AES ciphers on Jsch (was: JSch on > Vmware ESX 3.0) > > Hi, > > +-From: "Oberhuber, Martin" <[EMAIL PROTECTED]> -- > |_Date: Tue, 31 Jul 2007 15:27:49 +0200 _______________________ > | > |Does this mean that in order to be most compatbile, any Jsch > |application that knows it's running on an 1.4 or later JVM > |should include code like this: > | java.util.Hashtable config=new java.util.Hashtable(); > | config.put("cipher.s2c", > "aes128-cbc,3des-cbc,blowfish-cbc"); > | config.put("cipher.c2s", > "aes128-cbc,3des-cbc,blowfish-cbc"); > | session.setConfig(config); > |this is important for us as our Eclipse based application > |is known to run on Java 1.4 or later, and we'd like to be > |most compatible. > > The situation is little bit complicated. > > Since J2SE 1.4.0, Sun's JREs have included JCE(Java > Cryptography Extension) > and Sun's JCE provider, but AES has been only available since > J2SE 1.4.2. > > And then..., AES supports three key length; 128-bit, 192-bit > and 256-bit keys > and SSH2's RFC has defined following three ciphers, > aes128-cbc, aes192-cbc, aes256-cbc. > Unfortunately, J2SE 1.4.2(and Java5) only supports 128-bit > key by the default, > due to import control restrictions of some countries. > To enable the support for 192-bit and 256-bit key, > users must install some programs by themselves[1]. > > |Can there be any negative side-effect of adding that config? > |Would would happen if that code were in an application but > |the JVM does not support AES? > > On such a case, the session will not be established. > > As a commiter of 'org.eclipse.jsch.core' plug-in included in > Eclipse Platform > I have been thinking of enabling aes*-cbc ciphers if the AES > cipher is > available on user's environment. If you file an entry at > Eclipse.org's. > bugzilla, I'll address it. > > [1] http://java.sun.com/products/jce/javase.html#UnlimitedDownload > > > Sincerely, > -- > Atsuhiko Yamanaka > JCraft,Inc. > 1-14-20 HONCHO AOBA-KU, > SENDAI, MIYAGI 980-0014 Japan. > Tel +81-22-723-2150 > +1-415-578-3454 > Fax +81-22-224-8773 > Skype callto://jcraft/ > ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ JSch-users mailing list JSch-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jsch-users
