mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-01-10 01:48:00 +00:00
Put DH group1-sha1 KEX below 'warn' by default.
Also try to upgrade the settings of people who haven't changed the defaults; but anyone who has, or anyone who's used the pre-release snapshots with elliptic-curve support, will have to review their settings manually.
This commit is contained in:
parent
697ea87808
commit
34add87ad2
@ -2394,15 +2394,16 @@ PuTTY currently supports the following key exchange methods:
|
|||||||
2048-bit group.
|
2048-bit group.
|
||||||
|
|
||||||
\b \q{Group 1}: Diffie-Hellman key exchange with a well-known
|
\b \q{Group 1}: Diffie-Hellman key exchange with a well-known
|
||||||
1024-bit group. This is less secure \#{FIXME better words} than
|
1024-bit group. We no longer recommend using this method, and it's
|
||||||
group 14, but may be faster with slow client or server machines,
|
not used by default in new installations; however, it may be the
|
||||||
and may be the only method supported by older server software.
|
only method supported by very old server software.
|
||||||
|
|
||||||
\b \q{\ii{Group exchange}}: with this method, instead of using a fixed
|
\b \q{\ii{Group exchange}}: with this method, instead of using a fixed
|
||||||
group, PuTTY requests that the server suggest a group to use for key
|
group, PuTTY requests that the server suggest a group to use for key
|
||||||
exchange; the server can avoid groups known to be weak, and possibly
|
exchange; the server can avoid groups known to be weak, and possibly
|
||||||
invent new ones over time, without any changes required to PuTTY's
|
invent new ones over time, without any changes required to PuTTY's
|
||||||
configuration. We recommend use of this method, if possible.
|
configuration. We recommend use of this method instead of the
|
||||||
|
well-known groups, if possible.
|
||||||
|
|
||||||
\b \q{\i{RSA key exchange}}: this requires much less computational
|
\b \q{\i{RSA key exchange}}: this requires much less computational
|
||||||
effort on the part of the client, and somewhat less on the part of
|
effort on the part of the client, and somewhat less on the part of
|
||||||
|
74
settings.c
74
settings.c
@ -19,11 +19,15 @@ static const struct keyvalwhere ciphernames[] = {
|
|||||||
{ "des", CIPHER_DES, -1, -1 }
|
{ "des", CIPHER_DES, -1, -1 }
|
||||||
};
|
};
|
||||||
|
|
||||||
|
/* The default order here is sometimes overridden by the backward-
|
||||||
|
* compatibility warts in load_open_settings(), and should be kept
|
||||||
|
* in sync with those. */
|
||||||
static const struct keyvalwhere kexnames[] = {
|
static const struct keyvalwhere kexnames[] = {
|
||||||
{ "ecdh", KEX_ECDH, -1, +1 },
|
{ "ecdh", KEX_ECDH, -1, +1 },
|
||||||
|
/* This name is misleading: it covers both SHA-256 and SHA-1 variants */
|
||||||
{ "dh-gex-sha1", KEX_DHGEX, -1, -1 },
|
{ "dh-gex-sha1", KEX_DHGEX, -1, -1 },
|
||||||
{ "dh-group14-sha1", KEX_DHGROUP14, -1, -1 },
|
{ "dh-group14-sha1", KEX_DHGROUP14, -1, -1 },
|
||||||
{ "dh-group1-sha1", KEX_DHGROUP1, -1, -1 },
|
{ "dh-group1-sha1", KEX_DHGROUP1, KEX_WARN, +1 },
|
||||||
{ "rsa", KEX_RSA, KEX_WARN, -1 },
|
{ "rsa", KEX_RSA, KEX_WARN, -1 },
|
||||||
{ "WARN", KEX_WARN, -1, -1 }
|
{ "WARN", KEX_WARN, -1, -1 }
|
||||||
};
|
};
|
||||||
@ -309,20 +313,15 @@ static const char *val2key(const struct keyvalwhere *mapping,
|
|||||||
* to the end and duplicates are weeded.
|
* to the end and duplicates are weeded.
|
||||||
* XXX: assumes vals in 'mapping' are small +ve integers
|
* XXX: assumes vals in 'mapping' are small +ve integers
|
||||||
*/
|
*/
|
||||||
static void gprefs(void *sesskey, const char *name, const char *def,
|
static void gprefs_from_str(const char *str,
|
||||||
const struct keyvalwhere *mapping, int nvals,
|
const struct keyvalwhere *mapping, int nvals,
|
||||||
Conf *conf, int primary)
|
Conf *conf, int primary)
|
||||||
{
|
{
|
||||||
char *commalist;
|
char *commalist = dupstr(str);
|
||||||
char *p, *q;
|
char *p, *q;
|
||||||
int i, j, n, v, pos;
|
int i, j, n, v, pos;
|
||||||
unsigned long seen = 0; /* bitmap for weeding dups etc */
|
unsigned long seen = 0; /* bitmap for weeding dups etc */
|
||||||
|
|
||||||
/*
|
|
||||||
* Fetch the string which we'll parse as a comma-separated list.
|
|
||||||
*/
|
|
||||||
commalist = gpps_raw(sesskey, name, def);
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Go through that list and convert it into values.
|
* Go through that list and convert it into values.
|
||||||
*/
|
*/
|
||||||
@ -393,6 +392,21 @@ static void gprefs(void *sesskey, const char *name, const char *def,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Read a preference list.
|
||||||
|
*/
|
||||||
|
static void gprefs(void *sesskey, const char *name, const char *def,
|
||||||
|
const struct keyvalwhere *mapping, int nvals,
|
||||||
|
Conf *conf, int primary)
|
||||||
|
{
|
||||||
|
/*
|
||||||
|
* Fetch the string which we'll parse as a comma-separated list.
|
||||||
|
*/
|
||||||
|
char *value = gpps_raw(sesskey, name, def);
|
||||||
|
gprefs_from_str(value, mapping, nvals, conf, primary);
|
||||||
|
sfree(value);
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Write out a preference list.
|
* Write out a preference list.
|
||||||
*/
|
*/
|
||||||
@ -784,20 +798,44 @@ void load_open_settings(void *sesskey, Conf *conf)
|
|||||||
gprefs(sesskey, "Cipher", "\0",
|
gprefs(sesskey, "Cipher", "\0",
|
||||||
ciphernames, CIPHER_MAX, conf, CONF_ssh_cipherlist);
|
ciphernames, CIPHER_MAX, conf, CONF_ssh_cipherlist);
|
||||||
{
|
{
|
||||||
/* Backward-compatibility: we used to have an option to
|
/* Backward-compatibility: before 0.58 (when the "KEX"
|
||||||
|
* preference was first added), we had an option to
|
||||||
* disable gex under the "bugs" panel after one report of
|
* disable gex under the "bugs" panel after one report of
|
||||||
* a server which offered it then choked, but we never got
|
* a server which offered it then choked, but we never got
|
||||||
* a server version string or any other reports. */
|
* a server version string or any other reports. */
|
||||||
const char *default_kexes;
|
const char *default_kexes,
|
||||||
|
*normal_default = "ecdh,dh-gex-sha1,dh-group14-sha1,rsa,"
|
||||||
|
"WARN,dh-group1-sha1",
|
||||||
|
*bugdhgex2_default = "ecdh,dh-group14-sha1,rsa,"
|
||||||
|
"WARN,dh-group1-sha1,dh-gex-sha1";
|
||||||
|
char *raw;
|
||||||
i = 2 - gppi_raw(sesskey, "BugDHGEx2", 0);
|
i = 2 - gppi_raw(sesskey, "BugDHGEx2", 0);
|
||||||
if (i == FORCE_ON)
|
if (i == FORCE_ON)
|
||||||
default_kexes = "ecdh,dh-group14-sha1,dh-group1-sha1,rsa,"
|
default_kexes = bugdhgex2_default;
|
||||||
"WARN,dh-gex-sha1";
|
|
||||||
else
|
else
|
||||||
default_kexes = "ecdh,dh-gex-sha1,dh-group14-sha1,"
|
default_kexes = normal_default;
|
||||||
"dh-group1-sha1,rsa,WARN";
|
/* Migration: after 0.67 we decided we didn't like
|
||||||
gprefs(sesskey, "KEX", default_kexes,
|
* dh-group1-sha1. If it looks like the user never changed
|
||||||
kexnames, KEX_MAX, conf, CONF_ssh_kexlist);
|
* the defaults, quietly upgrade their settings to demote it.
|
||||||
|
* (If they did, they're on their own.) */
|
||||||
|
raw = gpps_raw(sesskey, "KEX", default_kexes);
|
||||||
|
assert(raw != NULL);
|
||||||
|
/* Lack of 'ecdh' tells us this was saved by 0.58-0.67
|
||||||
|
* inclusive. If it was saved by a later version, we need
|
||||||
|
* to leave it alone. */
|
||||||
|
if (strcmp(raw, "dh-group14-sha1,dh-group1-sha1,rsa,"
|
||||||
|
"WARN,dh-gex-sha1") == 0) {
|
||||||
|
/* Previously migrated from BugDHGEx2. */
|
||||||
|
sfree(raw);
|
||||||
|
raw = dupstr(bugdhgex2_default);
|
||||||
|
} else if (strcmp(raw, "dh-gex-sha1,dh-group14-sha1,"
|
||||||
|
"dh-group1-sha1,rsa,WARN") == 0) {
|
||||||
|
/* Untouched old default setting. */
|
||||||
|
sfree(raw);
|
||||||
|
raw = dupstr(normal_default);
|
||||||
|
}
|
||||||
|
gprefs_from_str(raw, kexnames, KEX_MAX, conf, CONF_ssh_kexlist);
|
||||||
|
sfree(raw);
|
||||||
}
|
}
|
||||||
gprefs(sesskey, "HostKey", "ed25519,ecdsa,rsa,dsa,WARN",
|
gprefs(sesskey, "HostKey", "ed25519,ecdsa,rsa,dsa,WARN",
|
||||||
hknames, HK_MAX, conf, CONF_ssh_hklist);
|
hknames, HK_MAX, conf, CONF_ssh_hklist);
|
||||||
|
Loading…
Reference in New Issue
Block a user