- djm@cvs.openbsd.org 2014/04/18 23:52:25

[compat.c compat.h sshconnect2.c sshd.c version.h] OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections using the curve25519-sha256@libssh.org KEX exchange method to fail when connecting with something that implements the spec properly. Disable this KEX method when speaking to one of the affected versions. reported by Aris Adamantiadis; ok markus@
author: Damien Miller <djm@mindrot.org> 2014-04-20 13:25:30 +1000
committer: Damien Miller <djm@mindrot.org> 2014-04-20 13:25:30 +1000
commit: 9395b28223334826837c15e8c1bb4dfb3b0d2ca5 (patch)
tree: eea6ad14b14f5fe4f3eb0b791a76f73b706635dc /ChangeLog
parent: 8c492da58f8ceb85cf5f7066f23e26fb813a963d (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 3e8592118..5b53c216c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -98,6 +98,16 @@
     remove the identity files from this manpage - ssh-agent doesn't deal
     with them at all and the same information is duplicated in ssh-add.1
     (which does deal with them); prodded by deraadt@
+   - djm@cvs.openbsd.org 2014/04/18 23:52:25
+     [compat.c compat.h sshconnect2.c sshd.c version.h]
+     OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections
+     using the curve25519-sha256@libssh.org KEX exchange method to fail
+     when connecting with something that implements the spec properly.
+     
+     Disable this KEX method when speaking to one of the affected
+     versions.
+     
+     reported by Aris Adamantiadis; ok markus@
 20140401
 - (djm) On platforms that support it, use prctl() to prevent sftp-server
author	Damien Miller <djm@mindrot.org>	2014-04-20 13:25:30 +1000
committer	Damien Miller <djm@mindrot.org>	2014-04-20 13:25:30 +1000
commit	9395b28223334826837c15e8c1bb4dfb3b0d2ca5 (patch)
tree	eea6ad14b14f5fe4f3eb0b791a76f73b706635dc /ChangeLog
parent	8c492da58f8ceb85cf5f7066f23e26fb813a963d (diff)

diff --git a/ChangeLog b/ChangeLog index 3e8592118..5b53c216c 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -98,6 +98,16 @@
98	remove the identity files from this manpage - ssh-agent doesn't deal	98	remove the identity files from this manpage - ssh-agent doesn't deal
99	with them at all and the same information is duplicated in ssh-add.1	99	with them at all and the same information is duplicated in ssh-add.1
100	(which does deal with them); prodded by deraadt@	100	(which does deal with them); prodded by deraadt@
		101	- djm@cvs.openbsd.org 2014/04/18 23:52:25
		102	[compat.c compat.h sshconnect2.c sshd.c version.h]
		103	OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections
		104	using the curve25519-sha256@libssh.org KEX exchange method to fail
		105	when connecting with something that implements the spec properly.
		106
		107	Disable this KEX method when speaking to one of the affected
		108	versions.
		109
		110	reported by Aris Adamantiadis; ok markus@
101		111
102	20140401	112	20140401
103	- (djm) On platforms that support it, use prctl() to prevent sftp-server	113	- (djm) On platforms that support it, use prctl() to prevent sftp-server