https://bugzilla.mindrot.org/show_bug.cgi?id=2302
--- Comment #13 from Darren Tucker <[email protected]> --- (In reply to Christoph Anton Mitterer from comment #10) [...] > Even though an attacker cannot (AFAIU??) for a connection to > downgrade to the weaker groups, The server's DH-GEX exchange hash includes the DH group sizes it received from the client. If these are modified in transit the exchange hash will not match. > it still doesn't give the server > admin a good way to "block out" weak clients. Do any such clients actually exist? RFC4419 says DH-GEX implementations SHOULD have a max group size of 8k. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. _______________________________________________ openssh-bugs mailing list [email protected] https://lists.mindrot.org/mailman/listinfo/openssh-bugs
