Joe Testa
|
064b55e0c2
|
Added 1 new key exchange algorithm: gss-nistp384-sha384-*
|
2024-03-14 16:01:48 -04:00 |
|
Joe Testa
|
8e972c5e94
|
Added test for the Terrapin vulnerability (CVE-2023-48795) (#227).
|
2023-12-18 18:24:49 -05:00 |
|
Joe Testa
|
e26597a7aa
|
Marked all NIST K-, B-, and T-curves as unproven since they are so rarely used. Added 12 new host keys: 'ecdsa-sha2-curve25519', 'ecdsa-sha2-nistb233', 'ecdsa-sha2-nistb409', 'ecdsa-sha2-nistk163', 'ecdsa-sha2-nistk233', 'ecdsa-sha2-nistk283', 'ecdsa-sha2-nistk409', 'ecdsa-sha2-nistp224', 'ecdsa-sha2-nistp192', 'ecdsa-sha2-nistt571', 'ssh-dsa', 'x509v3-sign-rsa-sha256'. Added 15 key exchanges: 'curve448-sha512@libssh.org', 'ecdh-nistp256-kyber-512r3-sha256-d00@openquantumsafe.org', 'ecdh-nistp384-kyber-768r3-sha384-d00@openquantumsafe.org', 'ecdh-nistp521-kyber-1024r3-sha512-d00@openquantumsafe.org', 'ecdh-sha2-brainpoolp256r1@genua.de', 'ecdh-sha2-brainpoolp384r1@genua.de', 'ecdh-sha2-brainpoolp521r1@genua.de', 'kexAlgoDH14SHA1', 'kexAlgoDH1SHA1', 'kexAlgoECDH256', 'kexAlgoECDH384', 'kexAlgoECDH521', 'sm2kep-sha2-nistp256', 'x25519-kyber-512r3-sha256-d00@amazon.com', 'x25519-kyber512-sha512@aws.amazon.com'. Added 8 new ciphers: 'aes192-gcm@openssh.com', 'cast128-12-cbc', 'cast128-12-cfb', 'cast128-12-ecb', 'cast128-12-ofb', 'des-cfb', 'des-ecb', 'des-ofb'. Added 14 new MACs: 'cbcmac-3des', 'cbcmac-aes', 'cbcmac-blowfish', 'cbcmac-des', 'cbcmac-rijndael', 'cbcmac-twofish', 'hmac-sha256-96', 'md5', 'md5-8', 'ripemd160', 'ripemd160-8', 'sha1', 'sha1-8', 'umac-128'.
|
2023-09-05 20:10:37 -04:00 |
|
Joe Testa
|
639f11a5e5
|
Results from concurrent scans against multiple hosts are no longer improperly combined (#190).
|
2023-06-19 14:13:32 -04:00 |
|
Joe Testa
|
521a50a796
|
Added 'curve448-sha512@libssh.org' kex. (#195)
|
2023-06-19 10:35:13 -04:00 |
|
Joe Testa
|
4f31304b66
|
Alphabetized algorithm database.
|
2023-03-28 12:09:25 -04:00 |
|
Joe Testa
|
cc9e4fbc4a
|
Generic failure/warning messages replaced with more specific reasons. SHA-1 algorithms now cause failures. CBC mode ciphers are now warnings instead of failures.
|
2023-03-23 21:36:02 -04:00 |
|
Joe Testa
|
992aa1b961
|
Added support for kex GSS wildcards (#143).
|
2023-03-21 22:17:23 -04:00 |
|
thecliguy
|
e2a9896397
|
Deprecation of ssh-rsa signature algorithm in OpenSSH 8.8 (#171)
|
2023-03-21 14:52:23 -04:00 |
|
Joe Testa
|
c9dc9a9c10
|
Now issues a warning when 2048-bit moduli are encountered.
|
2023-02-06 16:27:30 -05:00 |
|
Joe Testa
|
f9e00b6f2d
|
Renamed WARN_CURVES_WEAK to FAIL_CURVES_WEAK.
|
2023-02-03 17:22:10 -05:00 |
|
Joe Testa
|
433c7e779d
|
Added 2 new ciphers: 'rijndael-cbc@ssh.com', 'cast128-12-cbc@ssh.com'. Added 21 new host key types: .
|
2023-02-02 18:57:53 -05:00 |
|
Joe Testa
|
984ea1eee3
|
Added the following 9 new host key types: 'dsa2048-sha224@libassh.org', 'dsa2048-sha256@libassh.org', 'dsa3072-sha256@libassh.org', 'ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com', 'eddsa-e382-shake256@libassh.org', 'eddsa-e521-shake256@libassh.org', 'null', 'pgp-sign-dss', 'pgp-sign-rsa'. Added the following 22 new key exchange algorithms: 'diffie-hellman-group-exchange-sha224@ssh.com', 'diffie-hellman-group-exchange-sha384@ssh.com', 'diffie-hellman-group14-sha224@ssh.com', 'diffie-hellman_group17-sha512', 'ecmqv-sha2', 'gss-13.3.132.0.10-sha256-*', 'gss-curve25519-sha256-*', 'gss-curve448-sha512-*', 'gss-gex-sha1-*', 'gss-gex-sha256-*', 'gss-group1-sha1-*', 'gss-group14-sha1-*', 'gss-group14-sha256-*', 'gss-group15-sha512-*', 'gss-group16-sha512-*', 'gss-group17-sha512-*', 'gss-group18-sha512-*', 'gss-nistp256-sha256-*', 'gss-nistp384-sha256-*', 'gss-nistp521-sha512-*', 'm383-sha384@libassh.org', 'm511-sha512@libassh.org'. Added the following 26 new ciphers: '3des-cfb', '3des-ecb', '3des-ofb', 'blowfish-cfb', 'blowfish-ecb', 'blowfish-ofb', 'camellia128-cbc@openssh.org', 'camellia128-ctr@openssh.org', 'camellia192-cbc@openssh.org', 'camellia192-ctr@openssh.org', 'camellia256-cbc@openssh.org', 'camellia256-ctr@openssh.org', 'cast128-cfb', 'cast128-ecb', 'cast128-ofb', 'idea-cfb', 'idea-ecb', 'idea-ofb', 'seed-ctr@ssh.com', 'serpent128-gcm@libassh.org', 'serpent256-gcm@libassh.org', 'twofish-cfb', 'twofish-ecb', 'twofish-ofb', 'twofish128-gcm@libassh.org', 'twofish256-gcm@libassh.org'. Added the following 4 new HMAC algorithms: 'hmac-sha224@ssh.com', 'hmac-sha256-2@ssh.com', 'hmac-sha384@ssh.com', 'hmac-whirlpool'.
|
2023-02-02 18:30:40 -05:00 |
|
Joe Testa
|
3300c60aaa
|
Added 'ssh-xmss@openssh.com' and 'ssh-xmss-cert-v01@openssh.com' experimental host keys (#146).
|
2022-10-14 23:21:09 -04:00 |
|
Joe Testa
|
78a9475a32
|
Added hmac-sha1-96@openssh.com MAC. (#148)
|
2022-10-14 22:56:02 -04:00 |
|
Joe Testa
|
d429b543d0
|
Added support for host key 'webauthn-sk-ecdsa-sha2-nistp256@openssh.com' (#149).
|
2022-10-10 20:51:37 -04:00 |
|
Joe Testa
|
113d1de443
|
Removed experimental warning tag from sntrup761x25519-sha512@openssh.com.
|
2022-04-10 12:16:25 -04:00 |
|
Joe Testa
|
5fbcb1b90f
|
Added 24 new key exchanges: 'ecdh-sha2-1.3.132.0.1', 'ecdh-sha2-1.2.840.10045.3.1.1', 'ecdh-sha2-1.3.132.0.33', 'ecdh-sha2-1.3.132.0.26', 'ecdh-sha2-1.3.132.0.27', 'ecdh-sha2-1.2.840.10045.3.1.7', 'ecdh-sha2-1.3.132.0.16', 'ecdh-sha2-1.3.132.0.34', 'ecdh-sha2-1.3.132.0.36', 'ecdh-sha2-1.3.132.0.37', 'ecdh-sha2-1.3.132.0.35', 'ecdh-sha2-1.3.132.0.38', 'ecdh-sha2-4MHB+NBt3AlaSRQ7MnB4cg==', 'ecdh-sha2-5pPrSUQtIaTjUSt5VZNBjg==', 'ecdh-sha2-VqBg4QRPjxx1EXZdV0GdWQ==', 'ecdh-sha2-zD/b3hu/71952ArpUG4OjQ==', 'ecdh-sha2-qCbG5Cn/jjsZ7nBeR7EnOA==', 'ecdh-sha2-9UzNcgwTlEnSCECZa7V1mw==', 'ecdh-sha2-wiRIU8TKjMZ418sMqlqtvQ==', 'ecdh-sha2-qcFQaMAMGhTziMT0z+Tuzw==', 'ecdh-sha2-m/FtSAmrV4j/Wy6RVUaK7A==', 'ecdh-sha2-D3FefCjYoJ/kfXgAyLddYA==', 'ecdh-sha2-h/SsxnLCtRBh7I9ATyeB3A==', 'ecdh-sha2-mNVwCXAoS1HGmHpLvBC94w=='.
|
2021-10-20 22:25:20 -04:00 |
|
Joe Testa
|
076681a671
|
Added 3 new key exchanges: gss-gex-sha1-eipGX3TCiQSrx573bT1o1Q==, gss-group1-sha1-eipGX3TCiQSrx573bT1o1Q==, gss-group14-sha1-eipGX3TCiQSrx573bT1o1Q==
|
2021-07-08 10:18:25 -04:00 |
|
Joe Testa
|
98a1fb0315
|
Added two new MACs: 'AEAD_AES_128_GCM', and 'AEAD_AES_256_GCM'.
|
2021-06-28 21:59:41 -04:00 |
|
Joe Testa
|
e508a963e7
|
Added 1 new MAC: hmac-ripemd160-96.
|
2021-05-20 14:17:37 -04:00 |
|
Joe Testa
|
1bbc3feb57
|
Added OpenSSH 8.5 built-in policy. Added sntrup761x25519-sha512@openssh.com kex.
|
2021-02-23 16:02:20 -05:00 |
|
Joe Testa
|
c49a0fb22f
|
Upgraded SHA-1 key signatures from warnings to failures. Added deprecation warning to ssh-rsa-cert-v00@openssh.com, ssh-rsa-cert-v01@openssh.com, x509v3-sign-rsa, and x509v3-ssh-rsa host key types.
|
2021-02-01 19:19:46 -05:00 |
|
thecliguy
|
dbe14a075e
|
Added future deprecation notice of ssh-rsa (#92)
|
2021-02-01 13:17:46 -05:00 |
|
Joe Testa
|
60de5e55cb
|
Transformed comment type annotations to variable declaration annotations.
|
2021-01-21 10:20:48 -05:00 |
|
Joe Testa
|
619efc7349
|
Flag 'ssh-rsa-cert-v01@openssh.com' as unsafe due to SHA-1 hash.
|
2020-10-20 17:39:34 -04:00 |
|
Joe Testa
|
1a5c0e7fad
|
Split ssh_audit.py into separate files (#47).
|
2020-10-15 14:34:23 -04:00 |
|