https://bugzilla.mindrot.org/show_bug.cgi?id=3306
Darren Tucker <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[email protected]

--- Comment #2 from Darren Tucker <[email protected]> ---
(In reply to balu from comment #1)
> Can you please clarify if [email protected] is
> enabled by default or not?

It's compiled in by default:

$ ssh -Q kex | grep sntrup
[email protected]

as long as the compiler supports variable length arrays:

/*
 * sntrup761 uses variable length arrays, only enable if the compiler
 * supports them.
 */
#ifdef VARIABLE_LENGTH_ARRAYS
# define USE_SNTRUP761X25519 1
#endif

but it is not in the default KexAlgorithms list in either client:

$ ssh -F /dev/null -G localhost | grep kex
kexalgorithms curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256

or server:

$ sudo /usr/sbin/sshd -f /dev/null -T | grep kex
kexalgorithms curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256

so it is disabled by default and will never be used unless enabled at
runtime by the user/admin in the configuration or flags.

> Also is it an experimental algorithm?

Yes.

[...]
> openbsd man page (https://man.openbsd.org/sshd_config.5) says it's
> supported which means it's enabled.

Those are not the same thing. For example, diffie-hellman-group1-sha1
is also supported but not enabled by default.
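Added example (not part of the original message and not OpenSSH code): a shell function that separates the two notions distinguished in the comment above, "supported" (the `ssh -Q kex` list) and "enabled" (the effective kexalgorithms line from `ssh -G` or `sshd -T`). The function name and sample lists are constructed for illustration, and experimental-kex@example.invalid is a made-up placeholder name.

```shell
#!/bin/sh
# Added example: report KEX algorithms that are compiled in ("supported")
# but missing from the effective KexAlgorithms list ("enabled").

# $1: output of `ssh -Q kex` (one algorithm name per line)
# $2: the "kexalgorithms a,b,c" line from `ssh -G <host>` or `sshd -T`
kex_supported_not_enabled() {
    supported=$1
    # Strip the leading keyword, keep the comma-separated list.
    enabled=${2#kexalgorithms }
    printf '%s\n' "$supported" | while IFS= read -r alg; do
        [ -n "$alg" ] || continue
        # Compare whole comma-delimited names. A plain substring match
        # would confuse "name" with "name@vendor" variants.
        case ",$enabled," in
            *",$alg,"*) ;;               # present in the effective list
            *) printf '%s\n' "$alg" ;;   # compiled in, not enabled
        esac
    done
}

# Constructed sample input (hypothetical host, not captured output).
SAMPLE_SUPPORTED='diffie-hellman-group1-sha1
diffie-hellman-group14-sha256
curve25519-sha256
ecdh-sha2-nistp256
experimental-kex@example.invalid'

SAMPLE_EFFECTIVE='kexalgorithms curve25519-sha256,ecdh-sha2-nistp256,diffie-hellman-group14-sha256'

kex_supported_not_enabled "$SAMPLE_SUPPORTED" "$SAMPLE_EFFECTIVE"

# On a live client, using the two commands from the comment above:
#   kex_supported_not_enabled "$(ssh -Q kex)" \
#       "$(ssh -F /dev/null -G localhost | grep '^kexalgorithms ')"
```

Anything the function prints can still be negotiated if an administrator adds it to KexAlgorithms, so the output is the list to review when auditing a configuration change.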
