Commit Graph

17 Commits

Author SHA1 Message Date
Joe Testa
28a1e23986 Added warnings to all key exchanges that do not provide protection against quantum attacks. 2024-11-25 15:56:51 -05:00
Joe Testa
93b30b4258 Removed version-based CVE information. (#240) 2024-09-26 13:15:58 -04:00
Joe Testa
d7f8bf3e6d Updated notes on OpenSSH default key exchanges. (#258) 2024-03-19 18:24:22 -04:00
Joe Testa
3d403b1d70 Updated availability of algorithms in Dropbear. (#257) 2024-03-19 15:47:09 -04:00
Joe Testa
7b3402b207 Added note that sntrup761x25519-sha512@openssh.com is the default OpenSSH kex since version 9.0. 2024-03-15 17:24:21 -04:00
Joe Testa
c259a83782 Added note that when a target is properly configured against the Terrapin vulnerability that unpatched peers may still create vulnerable connections. Updated Ubuntu Server & Client 20.04 & 22.04 policies to include new key exchange markers related to Terrapin counter-measures. 2023-12-19 14:03:28 -05:00
Joe Testa
38f9c21760 The color of all notes will be printed in green when the related algorithm is rated good. 2023-09-03 19:14:25 -04:00
Joe Testa
199e75f6cd Refined GEX testing against OpenSSH servers: when the fallback mechanism is suspected of being triggered, perform an additional test to obtain more accurate results. 2023-09-03 16:13:00 -04:00
Joe Testa
263267c5ad Added support for mixed host key/CA key types (i.e.: RSA host keys signed by ED25519 CAs) (#120). 2023-04-25 09:17:32 -04:00
Joe Testa
cc9e4fbc4a Generic failure/warning messages replaced with more specific reasons. SHA-1 algorithms now cause failures. CBC mode ciphers are now warnings instead of failures. 2023-03-23 21:36:02 -04:00
Joe Testa
71feaa191e Add note regarding OpenSSH's 2048-bit GEX fallback, and suppress the related recommendation since the user cannot control it (partly related to #168). 2023-03-21 11:44:45 -04:00
Joe Testa
c9dc9a9c10 Now issues a warning when 2048-bit moduli are encountered. 2023-02-06 16:27:30 -05:00
Joe Testa
c6b8dc97e1 Fixed tests. 2022-02-21 21:48:10 -05:00
Joe Testa
c9a2f2955c Marked host key type 'ssh-rsa' as weak due to practical SHA-1 collisions. 2020-02-08 23:56:54 -05:00
Joe Testa
e62b548677 Updated info on curve25519-sha256 kex. 2019-10-21 11:50:23 -04:00
Joe Testa
fd3a1f7d41 Added client audit functionality. (#3) 2019-09-27 18:14:36 -04:00
Joe Testa
4f138d7f82 Added docker testing framework. 2019-08-22 16:04:46 -04:00