=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/PROTOCOL,v retrieving revision 1.49 retrieving revision 1.49.2.1 diff -u -r1.49 -r1.49.2.1 --- src/usr.bin/ssh/PROTOCOL 2023/08/28 03:28:43 1.49 +++ src/usr.bin/ssh/PROTOCOL 2023/12/18 14:56:35 1.49.2.1 @@ -137,6 +137,32 @@ short packet lengths, which would not be possible with other approaches. +1.9 transport: strict key exchange extension + +OpenSSH supports a number of transport-layer hardening measures under +a "strict KEX" feature. This feature is signalled similarly to the +RFC8308 ext-info feature: by including a additional algorithm in the +initiial SSH2_MSG_KEXINIT kex_algorithms field. The client may append +"kex-strict-c-v00@openssh.com" to its kex_algorithms and the server +may append "kex-strict-s-v00@openssh.com". These pseudo-algorithms +are only valid in the initial SSH2_MSG_KEXINIT and MUST be ignored +if they are present in subsequent SSH2_MSG_KEXINIT packets. + +When an endpoint that supports this extension observes this algorithm +name in a peer's KEXINIT packet, it MUST make the following changes to +the the protocol: + +a) During initial KEX, terminate the connection if any unexpected or + out-of-sequence packet is received. This includes terminating the + connection if the first packet received is not SSH2_MSG_KEXINIT. + Unexpected packets for the purpose of strict KEX include messages + that are otherwise valid at any time during the connection such as + SSH2_MSG_DEBUG and SSH2_MSG_IGNORE. +b) After sending or receiving a SSH2_MSG_NEWKEYS message, reset the + packet sequence number to zero. This behaviour persists for the + duration of the connection (i.e. not just the first + SSH2_MSG_NEWKEYS). + 2. Connection protocol changes 2.1. connection: Channel write close extension "eow@openssh.com" @@ -745,4 +771,4 @@ OpenSSH extends the usual agent protocol. These changes are documented in the PROTOCOL.agent file. -$OpenBSD: PROTOCOL,v 1.49 2023/08/28 03:28:43 djm Exp $ +$OpenBSD: PROTOCOL,v 1.49.2.1 2023/12/18 14:56:35 bluhm Exp $