Updated info on curve25519-sha256 kex.

2025-10-31 05:25:28 +01:00 · 2019-10-21 11:50:23 -04:00
parent fd85e247e7
commit e62b548677
6 changed files with 11 additions and 11 deletions
--- a/ssh-audit.py
+++ b/ssh-audit.py
@@ -347,7 +347,7 @@ class SSH2(object):  # pylint: disable=too-few-public-methods
 				'ecdh-sha2-nistp521': [['5.7,d2013.62'], [WARN_CURVES_WEAK]],
 				'ecdh-sha2-1.3.132.0.10': [[]], # ECDH over secp256k1 (i.e.: the Bitcoin curve)
 				'curve25519-sha256@libssh.org': [['6.5,d2013.62,l10.6.0']],
-				'curve25519-sha256': [['7.4']],
+				'curve25519-sha256': [['7.4,d2018.76']],
 				'curve448-sha512': [[]],
 				'kexguess2@matt.ucc.asn.au': [['d2013.57']],
 				'rsa1024-sha1': [[], [], [WARN_MODULUS_SIZE, WARN_HASH_WEAK]],
--- a/test/docker/expected_results/dropbear_2019.78_test1.txt
+++ b/test/docker/expected_results/dropbear_2019.78_test1.txt
@@ -1,11 +1,11 @@
 [0;36m# general[0m
 [0;32m(gen) banner: SSH-2.0-dropbear_2019.78[0m
 [0;32m(gen) software: Dropbear SSH 2019.78[0m
-[0;32m(gen) compatibility: OpenSSH 7.4+ (some functionality from 6.6), Dropbear SSH 2016.73+[0m
+[0;32m(gen) compatibility: OpenSSH 7.4+ (some functionality from 6.6), Dropbear SSH 2018.76+[0m
 [0;32m(gen) compression: enabled (zlib@openssh.com)[0m

 [0;36m# key exchange algorithms[0m
-[0;32m(kex) curve25519-sha256              -- [info] available since OpenSSH 7.4[0m
+[0;32m(kex) curve25519-sha256              -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76[0m
 [0;32m(kex) curve25519-sha256@libssh.org   -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62[0m
 [0;31m(kex) ecdh-sha2-nistp521             -- [fail] using weak elliptic curves[0m
                                     `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
--- a/test/docker/expected_results/openssh_8.0p1_test1.txt
+++ b/test/docker/expected_results/openssh_8.0p1_test1.txt
@@ -1,11 +1,11 @@
 [0;36m# general[0m
 [0;32m(gen) banner: SSH-2.0-OpenSSH_8.0[0m
 [0;32m(gen) software: OpenSSH 8.0[0m
-[0;32m(gen) compatibility: OpenSSH 7.4+, Dropbear SSH 2016.73+[0m
+[0;32m(gen) compatibility: OpenSSH 7.4+, Dropbear SSH 2018.76+[0m
 [0;32m(gen) compression: enabled (zlib@openssh.com)[0m

 [0;36m# key exchange algorithms[0m
-[0;32m(kex) curve25519-sha256                     -- [info] available since OpenSSH 7.4[0m
+[0;32m(kex) curve25519-sha256                     -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76[0m
 [0;32m(kex) curve25519-sha256@libssh.org          -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62[0m
 [0;31m(kex) ecdh-sha2-nistp256                    -- [fail] using weak elliptic curves[0m
                                            `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
--- a/test/docker/expected_results/openssh_8.0p1_test2.txt
+++ b/test/docker/expected_results/openssh_8.0p1_test2.txt
@@ -1,11 +1,11 @@
 [0;36m# general[0m
 [0;32m(gen) banner: SSH-2.0-OpenSSH_8.0[0m
 [0;32m(gen) software: OpenSSH 8.0[0m
-[0;32m(gen) compatibility: OpenSSH 7.4+, Dropbear SSH 2016.73+[0m
+[0;32m(gen) compatibility: OpenSSH 7.4+, Dropbear SSH 2018.76+[0m
 [0;32m(gen) compression: enabled (zlib@openssh.com)[0m

 [0;36m# key exchange algorithms[0m
-[0;32m(kex) curve25519-sha256                     -- [info] available since OpenSSH 7.4[0m
+[0;32m(kex) curve25519-sha256                     -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76[0m
 [0;32m(kex) curve25519-sha256@libssh.org          -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62[0m
 [0;31m(kex) ecdh-sha2-nistp256                    -- [fail] using weak elliptic curves[0m
                                            `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
--- a/test/docker/expected_results/openssh_8.0p1_test3.txt
+++ b/test/docker/expected_results/openssh_8.0p1_test3.txt
@@ -1,11 +1,11 @@
 [0;36m# general[0m
 [0;32m(gen) banner: SSH-2.0-OpenSSH_8.0[0m
 [0;32m(gen) software: OpenSSH 8.0[0m
-[0;32m(gen) compatibility: OpenSSH 7.4+, Dropbear SSH 2013.62+[0m
+[0;32m(gen) compatibility: OpenSSH 7.4+, Dropbear SSH 2018.76+[0m
 [0;32m(gen) compression: enabled (zlib@openssh.com)[0m

 [0;36m# key exchange algorithms[0m
-[0;32m(kex) curve25519-sha256                     -- [info] available since OpenSSH 7.4[0m
+[0;32m(kex) curve25519-sha256                     -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76[0m
 [0;32m(kex) curve25519-sha256@libssh.org          -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62[0m
 [0;32m(kex) diffie-hellman-group-exchange-sha256 (2048-bit) -- [info] available since OpenSSH 4.4[0m

--- a/test/docker/expected_results/tinyssh_20190101_test1.txt
+++ b/test/docker/expected_results/tinyssh_20190101_test1.txt
@@ -1,10 +1,10 @@
 [0;36m# general[0m
 [0;32m(gen) software: TinySSH noversion[0m
-[0;32m(gen) compatibility: OpenSSH 8.0+, Dropbear SSH 2013.62+[0m
+[0;32m(gen) compatibility: OpenSSH 8.0+, Dropbear SSH 2018.76+[0m
 [0;32m(gen) compression: disabled[0m

 [0;36m# key exchange algorithms[0m
-[0;32m(kex) curve25519-sha256                       -- [info] available since OpenSSH 7.4[0m
+[0;32m(kex) curve25519-sha256                       -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76[0m
 [0;32m(kex) curve25519-sha256@libssh.org            -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62[0m
 [0;33m(kex) sntrup4591761x25519-sha512@tinyssh.org  -- [warn] using experimental algorithm[0m
                                              `- [info] available since OpenSSH 8.0