Added note that when a target is properly configured against the Terrapin vulnerability that unpatched peers may still create vulnerable connections. Updated Ubuntu Server & Client 20.04 & 22.04 policies to include new key exchange markers related to Terrapin counter-measures.

2025-06-25 12:04:32 +02:00 · 2023-12-19 14:03:28 -05:00
parent 8e972c5e94
commit c259a83782
16 changed files with 183 additions and 56 deletions
--- a/test/docker/expected_results/openssh_8.0p1_builtin_policy_test2.json
+++ b/test/docker/expected_results/openssh_8.0p1_builtin_policy_test2.json
@ -46,9 +46,21 @@
                "umac-128-etm@openssh.com"
            ],
            "mismatched_field": "MACs"
+        },
+        {
+            "actual": [
+                "4096"
+            ],
+            "expected_optional": [
+                ""
+            ],
+            "expected_required": [
+                "3072"
+            ],
+            "mismatched_field": "Group exchange (diffie-hellman-group-exchange-sha256) modulus sizes"
        }
    ],
    "host": "localhost",
    "passed": false,
-    "policy": "Hardened OpenSSH Server v8.0 (version 3)"
+    "policy": "Hardened OpenSSH Server v8.0 (version 4)"
 }