Now issues a warning when 2048-bit moduli are encountered.

2025-06-24 19:44:33 +02:00 · 2023-02-06 16:27:30 -05:00
parent f9e00b6f2d
commit c9dc9a9c10
17 changed files with 93 additions and 42 deletions
--- a/test/docker/expected_results/openssh_5.6p1_test3.txt
+++ b/test/docker/expected_results/openssh_5.6p1_test3.txt
@ -28,6 +28,7 @@
 [0;33m                                                    `- [warn] using weak hashing algorithm[0m
                                                    `- [info] available since OpenSSH 2.3.0
 [0;33m(kex) diffie-hellman-group14-sha1           -- [warn] using weak hashing algorithm[0m
+[0;33m                                            `- [warn] 2048-bit modulus only provides 112-bits of symmetric strength[0m
                                            `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
 [0;31m(kex) diffie-hellman-group1-sha1            -- [fail] using small 1024-bit modulus[0m
 [0;31m                                            `- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
@ -127,7 +128,7 @@
 [0;32m(fin) ssh-rsa: SHA256:YZ457EBcJTSxRKI3yXRgtAj3PBf5B9/F36b1SVooml4[0m

 [0;36m# algorithm recommendations (for OpenSSH 5.6)[0m
-[0;31m(rec) !diffie-hellman-group-exchange-sha256 -- kex algorithm to change (increase modulus size to 2048 bits or larger) [0m
+[0;31m(rec) !diffie-hellman-group-exchange-sha256 -- kex algorithm to change (increase modulus size to 3072 bits or larger) [0m
 [0;31m(rec) -3des-cbc                             -- enc algorithm to remove [0m
 [0;31m(rec) -aes128-cbc                           -- enc algorithm to remove [0m
 [0;31m(rec) -aes192-cbc                           -- enc algorithm to remove [0m