From 064b55e0c230ef243a0d8244711422354f147a39 Mon Sep 17 00:00:00 2001 From: Joe Testa Date: Thu, 14 Mar 2024 16:01:48 -0400 Subject: [PATCH] Added 1 new key exchange algorithm: gss-nistp384-sha384-* --- README.md | 1 + src/ssh_audit/ssh2_kexdb.py | 1 + 2 files changed, 2 insertions(+) diff --git a/README.md b/README.md index 758c6c0..848893d 100644 --- a/README.md +++ b/README.md @@ -188,6 +188,7 @@ For convenience, a web front-end on top of the command-line tool is available at - Gracefully handle rare exceptions (i.e.: crashes) while performing GEX tests. - Added built-in policy for OpenSSH 9.7. - Changed Docker base image from `python:3-slim` to `python:3-alpine`, resulting in a 59% reduction in image size; credit [Daniel Thamdrup](https://github.com/dallemon). + - Added 1 new key exchange algorithm: `gss-nistp384-sha384-*`. ### v3.1.0 (2023-12-20) - Added test for the Terrapin message prefix truncation vulnerability ([CVE-2023-48795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795)). diff --git a/src/ssh_audit/ssh2_kexdb.py b/src/ssh_audit/ssh2_kexdb.py index 36130da..59fbfe5 100644 --- a/src/ssh_audit/ssh2_kexdb.py +++ b/src/ssh_audit/ssh2_kexdb.py @@ -176,6 +176,7 @@ class SSH2_KexDB: # pylint: disable=too-few-public-methods 'gss-group1-sha1-*': [[], [FAIL_1024BIT_MODULUS, FAIL_LOGJAM_ATTACK, FAIL_SHA1]], 'gss-nistp256-sha256-*': [[], [FAIL_NSA_BACKDOORED_CURVE]], 'gss-nistp384-sha256-*': [[], [FAIL_NSA_BACKDOORED_CURVE]], + 'gss-nistp384-sha384-*': [[], [FAIL_NSA_BACKDOORED_CURVE]], 'gss-nistp521-sha512-*': [[], [FAIL_NSA_BACKDOORED_CURVE]], 'kexAlgoCurve25519SHA256': [[]], 'kexAlgoDH14SHA1': [[], [FAIL_SHA1], [WARN_2048BIT_MODULUS]],