Added note that when a target is properly configured against the Terrapin vulnerability that unpatched peers may still create vulnerable connections. Updated Ubuntu Server & Client 20.04 & 22.04 policies to include new key exchange markers related to Terrapin counter-measures.

2025-06-25 03:54:31 +02:00 · 2023-12-19 14:03:28 -05:00
parent 8e972c5e94
commit c259a83782
16 changed files with 183 additions and 56 deletions
--- a/test/docker/expected_results/openssh_8.0p1_builtin_policy_test2.txt
+++ b/test/docker/expected_results/openssh_8.0p1_builtin_policy_test2.txt
@ -1,8 +1,12 @@
 Host:   localhost:2222
-Policy: Hardened OpenSSH Server v8.0 (version 3)
+Policy: Hardened OpenSSH Server v8.0 (version 4)
 Result: [0;31m❌ Failed![0m
 [0;33m
 Errors:
+  * Group exchange (diffie-hellman-group-exchange-sha256) modulus sizes did not match.
+    - Expected: 3072
+    - Actual:   4096
+
  * Host key (rsa-sha2-256) sizes did not match.
    - Expected: 4096
    - Actual:   3072