Upgraded SHA-1 key signatures from warnings to failures. Added deprecation warning to ssh-rsa-cert-v00@openssh.com, ssh-rsa-cert-v01@openssh.com, x509v3-sign-rsa, and x509v3-ssh-rsa host key types.

2025-06-23 02:54:33 +02:00 · 2021-02-01 19:19:46 -05:00
parent dbe14a075e
commit c49a0fb22f
12 changed files with 40 additions and 17 deletions
--- a/README.md
+++ b/README.md
@ -161,6 +161,8 @@ For convenience, a web front-end on top of the command-line tool is available at
 ### v2.4.0-dev (???)
 - Added multi-threaded scanning support.
 - Added version check for OpenSSH user enumeration (CVE-2018-15473).
+ - Added deprecation note to host key types based on SHA-1.
+ - Upgraded warnings to failures for host key types based on SHA-1.
 - Fixed crash when receiving unexpected response during host key test.
 - Fixed hang against older Cisco devices during host key test & gex test.
 - Fixed improper termination while scanning multiple targets when one target returns an error.