Joe Testa
|
7b3402b207
|
Added note that sntrup761x25519-sha512@openssh.com is the default OpenSSH kex since version 9.0.
|
2024-03-15 17:24:21 -04:00 |
Joe Testa
|
c259a83782
|
Added note that when a target is properly configured against the Terrapin vulnerability that unpatched peers may still create vulnerable connections. Updated Ubuntu Server & Client 20.04 & 22.04 policies to include new key exchange markers related to Terrapin counter-measures.
|
2023-12-19 14:03:28 -05:00 |
Joe Testa
|
38f9c21760
|
The color of all notes will be printed in green when the related algorithm is rated good.
|
2023-09-03 19:14:25 -04:00 |
Joe Testa
|
199e75f6cd
|
Refined GEX testing against OpenSSH servers: when the fallback mechanism is suspected of being triggered, perform an additional test to obtain more accurate results.
|
2023-09-03 16:13:00 -04:00 |
Joe Testa
|
cc9e4fbc4a
|
Generic failure/warning messages replaced with more specific reasons. SHA-1 algorithms now cause failures. CBC mode ciphers are now warnings instead of failures.
|
2023-03-23 21:36:02 -04:00 |
Joe Testa
|
71feaa191e
|
Add note regarding OpenSSH's 2048-bit GEX fallback, and suppress the related recommendation since the user cannot control it (partly related to #168).
|
2023-03-21 11:44:45 -04:00 |
Joe Testa
|
c9dc9a9c10
|
Now issues a warning when 2048-bit moduli are encountered.
|
2023-02-06 16:27:30 -05:00 |
Joe Testa
|
c6b8dc97e1
|
Fixed tests.
|
2022-02-21 21:48:10 -05:00 |
Joe Testa
|
c9a2f2955c
|
Marked host key type 'ssh-rsa' as weak due to practical SHA-1 collisions.
|
2020-02-08 23:56:54 -05:00 |
Joe Testa
|
e62b548677
|
Updated info on curve25519-sha256 kex.
|
2019-10-21 11:50:23 -04:00 |
Joe Testa
|
4f138d7f82
|
Added docker testing framework.
|
2019-08-22 16:04:46 -04:00 |