From 6a7bed06d77509dfe63c1119f51a1b38a9e36b57 Mon Sep 17 00:00:00 2001 From: Joe Testa Date: Tue, 28 Jul 2020 21:17:29 -0400 Subject: [PATCH] Added two new key exchanges: 'kexAlgoCurve25519SHA256' and 'Curve25519SHA256'. --- README.md | 2 +- ssh-audit.py | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index c869294..5ea5e6f 100644 --- a/README.md +++ b/README.md @@ -90,7 +90,7 @@ $ brew install ssh-audit - Suppress recommendation of token host key types. - Added check for use-after-free vulnerability in PuTTY v0.73. - Added 5 new host key types: `ssh-rsa1`, `ssh-dss-sha256@ssh.com`, `ssh-gost2001`, `ssh-gost2012-256`, `ssh-gost2012-512`. - - Added 1 new key exchange: `diffie-hellman-group1-sha256`. + - Added 3 new key exchanges: `diffie-hellman-group1-sha256`, `kexAlgoCurve25519SHA256`, `Curve25519SHA256`. - Added 5 new ciphers: `blowfish`, `AEAD_AES_128_GCM`, `AEAD_AES_256_GCM`, `crypticore128@ssh.com`, `seed-cbc@ssh.com`. - Added 3 new MACs: `chacha20-poly1305@openssh.com`, `hmac-sha3-224`, `crypticore-mac@ssh.com`. diff --git a/ssh-audit.py b/ssh-audit.py index 25d3af6..eecf0e7 100755 --- a/ssh-audit.py +++ b/ssh-audit.py @@ -753,6 +753,8 @@ class SSH2: # pylint: disable=too-few-public-methods 'rsa1024-sha1': [[], [FAIL_1024BIT_MODULUS], [WARN_HASH_WEAK]], 'rsa2048-sha256': [[]], 'sntrup4591761x25519-sha512@tinyssh.org': [['8.0'], [], [WARN_EXPERIMENTAL]], + 'kexAlgoCurve25519SHA256': [[]], + 'Curve25519SHA256': [[]], 'ext-info-c': [[]], # Extension negotiation (RFC 8308) 'ext-info-s': [[]], # Extension negotiation (RFC 8308) },