diff options
author | Damien Miller <djm@mindrot.org> | 2013-01-09 16:12:19 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2013-01-09 16:12:19 +1100 |
commit | 1d75abfe23cadf8cdba0bd2cfd54f3bc1ca80dc5 (patch) | |
tree | b717aa08dcc3c018d6fdae575017b3cb5fd92767 /PROTOCOL | |
parent | aa7ad3039c671c157bb99217d60674dad8154a22 (diff) |
- markus@cvs.openbsd.org 2013/01/08 18:49:04
[PROTOCOL authfile.c cipher.c cipher.h kex.c kex.h monitor_wrap.c]
[myproposal.h packet.c ssh_config.5 sshd_config.5]
support AES-GCM as defined in RFC 5647 (but with simpler KEX handling)
ok and feedback djm@
Diffstat (limited to 'PROTOCOL')
-rw-r--r-- | PROTOCOL | 14 |
1 files changed, 13 insertions, 1 deletions
@@ -79,6 +79,18 @@ contains: | |||
79 | byte[n1] payload; n1 = packet_length - padding_length - 1 | 79 | byte[n1] payload; n1 = packet_length - padding_length - 1 |
80 | byte[n2] random padding; n2 = padding_length | 80 | byte[n2] random padding; n2 = padding_length |
81 | 81 | ||
82 | 1.6 transport: AES-GCM | ||
83 | |||
84 | OpenSSH supports the AES-GCM algorithm as specified in RFC 5647. | ||
85 | Because of problems with the specification of the key exchange | ||
86 | the behaviour of OpenSSH differs from the RFC as follows: | ||
87 | |||
88 | AES-GCM is only negotiated as the cipher algorithms | ||
89 | "aes128-gcm@openssh.com" or "aes256-gcm@openssh.com" and never as | ||
90 | an MAC algorithm. Additionally, if AES-GCM is selected as the cipher | ||
91 | the exchanged MAC algorithms are ignored and there doesn't have to be | ||
92 | a matching MAC. | ||
93 | |||
82 | 2. Connection protocol changes | 94 | 2. Connection protocol changes |
83 | 95 | ||
84 | 2.1. connection: Channel write close extension "eow@openssh.com" | 96 | 2.1. connection: Channel write close extension "eow@openssh.com" |
@@ -319,4 +331,4 @@ link(oldpath, newpath) and will respond with a SSH_FXP_STATUS message. | |||
319 | This extension is advertised in the SSH_FXP_VERSION hello with version | 331 | This extension is advertised in the SSH_FXP_VERSION hello with version |
320 | "1". | 332 | "1". |
321 | 333 | ||
322 | $OpenBSD: PROTOCOL,v 1.19 2013/01/03 12:49:01 djm Exp $ | 334 | $OpenBSD: PROTOCOL,v 1.20 2013/01/08 18:49:04 markus Exp $ |