I guess my question is “what is the crypto backend that will give my client the best chance of being able to connect to any unknown SFTP server”. Finding my way here, I initially built with WinCNG since my application also supports Schannel TLS connections using windows cryptography so I figured I already had the library loaded. And most people should be able to connect to Windows stuff. So much for that.
Browsing various documents I get the impression that mbedtls would be a good choice, but I want to be in the “mainstream” of libssh2 users. It would be nice to have a “for the beginner.doc” but that’s one of the hardest things on any software package – documentation that doesn’t assume you know much about it. William Shipley From: Daniel Jeliński Sent: Tuesday, March 26, 2019 1:09 AM To: libssh2 development Subject: Re: LIBSSH2_ERROR_KEX_FAILURE Hi, All ciphers provided by your client are insecure: RC4 is insecure, CBC mode of operation is insecure, client does not provide anything else. GCM is not supported by libssh2. CTR is not supported by wincng, though I think I saw some code to emulate it on top of ECB, wonder why it didn't work for you. I can't comment on chacha, but it may also be unimplemented in libssh2. Regards, Daniel wt., 26 mar 2019 o 00:34 William Shipley <will...@schuylerhouse.com> napisał(a): I've built libssh2 with wincng and have been testing with the CrushFTP server. All has been working smoothly. In trying to install my software at a client site, they are attempting to use AWS SFTP service. When performing the libssh2_session_handshake I am failing with a KEX error. A log from the server indicates: Mar 25 13:58:14 pathlabsrv sshd[4988]: fatal: no matching cipher found: client aes256-cbc,rijndael-...@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc server aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com,chacha20-poly1...@openssh.com [preauth] And, indeed, we do not have a matching cipher. I would have expected Windows cryptography to be generally 'vanilla' and I would have expected Amazon to support pretty much anything. From my limited experience they seem to have used Open SSH. Has anyone encountered this? Can anyone give me guidance? Wm -----Original Message----- From: Daniel Stenberg Sent: Monday, March 25, 2019 12:37 PM To: libssh2 development Subject: RELEASE: libssh2 1.8.2 Hi! I'm happy to announce a small update to the previous release as we managed to get a little hiccup included. Here's 1.8.2! Get it from https://www.libssh2.org/ as always! libssh2 1.8.2 This release includes the following bugfixes: o Fixed the misapplied userauth patch that broke 1.8.1 o moved the MAX size declarations from the public header This release would not have looked like this without help, code, reports and advice from friends like these: Will Cosgrove (1 contributors) -- / daniel.haxx.se _______________________________________________ libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel _______________________________________________ libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel -------------------------------------------------------------------------------- _______________________________________________ libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
_______________________________________________ libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
