src/usr.bin/ssh/PROTOCOL - diff

Return to PROTOCOL CVS log

Up to [local] / src / usr.bin / ssh

Diff for /src/usr.bin/ssh/PROTOCOL between version 1.49 and 1.50

-version 1.49, 2023/08/28 03:28:43
+version 1.50, 2023/12/18 14:45:17
 Line 137
 Line 137
 Line 137
  short packet lengths, which would not be possible with other
  approaches.
+.9 transport: strict key exchange extension
+ OpenSSH supports a number of transport-layer hardening measures under
+ a "strict KEX" feature. This feature is signalled similarly to the
+ RFC8308 ext-info feature: by including a additional algorithm in the
+ initiial SSH2_MSG_KEXINIT kex_algorithms field. The client may append
+ "kex-strict-c-v00@openssh.com" to its kex_algorithms and the server
+ may append "kex-strict-s-v00@openssh.com". These pseudo-algorithms
+ are only valid in the initial SSH2_MSG_KEXINIT and MUST be ignored
+ if they are present in subsequent SSH2_MSG_KEXINIT packets.
+ When an endpoint that supports this extension observes this algorithm
+ name in a peer's KEXINIT packet, it MUST make the following changes to
+ the the protocol:
+ a) During initial KEX, terminate the connection if any unexpected or
+    out-of-sequence packet is received. This includes terminating the
+    connection if the first packet received is not SSH2_MSG_KEXINIT.
+    Unexpected packets for the purpose of strict KEX include messages
+    that are otherwise valid at any time during the connection such as
+    SSH2_MSG_DEBUG and SSH2_MSG_IGNORE.
+ b) After sending or receiving a SSH2_MSG_NEWKEYS message, reset the
+    packet sequence number to zero. This behaviour persists for the
+    duration of the connection (i.e. not just the first
+    SSH2_MSG_NEWKEYS).
 . Connection protocol changes
 .1. connection: Channel write close extension "eow@openssh.com"