https://bugzilla.mindrot.org/show_bug.cgi?id=2568
--- Comment #14 from Sebastian Unger <[email protected]> --- (In reply to Jakub Jelen from comment #13) > * Does not support SHA2, but provides SHA1 signature (silently) and > it is accepted by both client and server as I reported as a bug > #2799 (security concerns) Well, I'm not asking it to "silently" accept SHA1 signatures. I would find an option with a secure default acceptable. Also, I don't see how falling back from SHA2 to SHA1 reduces security when the server did accept SHA1's in the first place if the client negotiated them. This issue is about the case where client and server negotiate SHA2 but then the agent fails to sign because it does not support SHA2. -- You are receiving this mail because: You are watching the reporter of the bug. You are watching the assignee of the bug. _______________________________________________ openssh-bugs mailing list [email protected] https://lists.mindrot.org/mailman/listinfo/openssh-bugs
