mirror of
https://github.com/jtesta/ssh-audit.git
synced 2024-11-25 20:11:40 +01:00
Added aes128-ocb@libassh.org cipher.
This commit is contained in:
parent
b9f569fdf8
commit
8124c8e443
@ -227,6 +227,7 @@ For convenience, a web front-end on top of the command-line tool is available at
|
|||||||
- Custom policies now support the `allow_algorithm_subset_and_reordering` directive to allow targets to pass with a subset and/or re-ordered list of host keys, kex, ciphers, and MACs. This allows for the creation of a baseline policy where targets can optionally implement stricter controls; partial credit [yannik1015](https://github.com/yannik1015).
|
- Custom policies now support the `allow_algorithm_subset_and_reordering` directive to allow targets to pass with a subset and/or re-ordered list of host keys, kex, ciphers, and MACs. This allows for the creation of a baseline policy where targets can optionally implement stricter controls; partial credit [yannik1015](https://github.com/yannik1015).
|
||||||
- Custom policies now support the `allow_larger_keys` directive to allow targets to pass with larger host keys, CA keys, and Diffie-Hellman keys. This allows for the creation of a baseline policy where targets can optionally implement stricter controls; partial credit [Damian Szuberski](https://github.com/szubersk).
|
- Custom policies now support the `allow_larger_keys` directive to allow targets to pass with larger host keys, CA keys, and Diffie-Hellman keys. This allows for the creation of a baseline policy where targets can optionally implement stricter controls; partial credit [Damian Szuberski](https://github.com/szubersk).
|
||||||
- Added 1 new key exchange algorithm: `gss-nistp384-sha384-*`.
|
- Added 1 new key exchange algorithm: `gss-nistp384-sha384-*`.
|
||||||
|
- Added 1 new cipher: `aes128-ocb@libassh.org`.
|
||||||
|
|
||||||
### v3.1.0 (2023-12-20)
|
### v3.1.0 (2023-12-20)
|
||||||
- Added test for the Terrapin message prefix truncation vulnerability ([CVE-2023-48795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795)).
|
- Added test for the Terrapin message prefix truncation vulnerability ([CVE-2023-48795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795)).
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
"""
|
"""
|
||||||
The MIT License (MIT)
|
The MIT License (MIT)
|
||||||
|
|
||||||
Copyright (C) 2017-2023 Joe Testa (jtesta@positronsecurity.com)
|
Copyright (C) 2017-2024 Joe Testa (jtesta@positronsecurity.com)
|
||||||
Copyright (C) 2017 Andris Raugulis (moo@arthepsy.eu)
|
Copyright (C) 2017 Andris Raugulis (moo@arthepsy.eu)
|
||||||
|
|
||||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||||
@ -297,6 +297,7 @@ class SSH2_KexDB: # pylint: disable=too-few-public-methods
|
|||||||
'aes128-ctr': [['3.7,d0.52,l10.4.1']],
|
'aes128-ctr': [['3.7,d0.52,l10.4.1']],
|
||||||
'aes128-gcm': [[]],
|
'aes128-gcm': [[]],
|
||||||
'aes128-gcm@openssh.com': [['6.2']],
|
'aes128-gcm@openssh.com': [['6.2']],
|
||||||
|
'aes128-ocb@libassh.org': [[], [], [WARN_CIPHER_MODE]],
|
||||||
'aes192-cbc': [['2.3.0,l10.2', '6.6', None], [], [WARN_CIPHER_MODE]],
|
'aes192-cbc': [['2.3.0,l10.2', '6.6', None], [], [WARN_CIPHER_MODE]],
|
||||||
'aes192-ctr': [['3.7,l10.4.1']],
|
'aes192-ctr': [['3.7,l10.4.1']],
|
||||||
'aes192-gcm@openssh.com': [[], [], [], [INFO_NEVER_IMPLEMENTED_IN_OPENSSH]],
|
'aes192-gcm@openssh.com': [[], [], [], [INFO_NEVER_IMPLEMENTED_IN_OPENSSH]],
|
||||||
|
Loading…
Reference in New Issue
Block a user