mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-09 09:27:59 +00:00
putty-source/ssh
Simon Tatham b80a41d386 Terrapin warning: say if reconfiguration can help.
The Terrapin vulnerability affects the modified binary packet protocol
used with ChaCha20+Poly1305, and also CBC-mode ciphers in ETM mode.
It's best prevented by the new strict-kex mode, but if the server
can't handle that protocol alteration, another approach is to change
PuTTY's configuration so that it will negotiate a different algorithm.

That may not be possible either (an obvious case being if the server
has been manually configured to _only_ support vulnerable modes). But
if it is possible, then it would be nice for us to detect that and
show how to do it.

That could be a hard problem in general, but the most likely cause of
it is configuring ChaCha20 to the top of the cipher list, so that it's
selected ahead of things that aren't vulnerable. And it's reasonably
easy to do just one fantasy-renegotiation, having moved ChaCha20 down
to below the warn line, and see if that sorts it out. If it does, we
can pass on that advice to the user.
2023-12-13 18:49:17 +00:00
agentf.c Move the SSH implementation into its own subdirectory. 2021-04-22 18:09:13 +01:00
bpp1.c New Seat callback, seat_sent(). 2021-06-27 13:52:48 +01:00
bpp2.c Support OpenSSH's new strict kex feature. 2023-12-13 18:47:01 +00:00
bpp-bare.c New Seat callback, seat_sent(). 2021-06-27 13:52:48 +01:00
bpp.h Support OpenSSH's new strict kex feature. 2023-12-13 18:47:01 +00:00
ca-config.c Documentation for OpenSSH certificates. 2022-08-07 18:44:11 +01:00
censor1.c Move the SSH implementation into its own subdirectory. 2021-04-22 18:09:13 +01:00
censor2.c Move the SSH implementation into its own subdirectory. 2021-04-22 18:09:13 +01:00
channel.h Formatting: normalise back to 4-space indentation. 2022-08-03 20:48:46 +01:00
CMakeLists.txt Move host CA config box out into its own source file. 2022-05-01 10:16:19 +01:00
common.c Terrapin warning: say if reconfiguration can help. 2023-12-13 18:49:17 +00:00
connection1-client.c New Seat query, has_mixed_input_stream(). 2021-11-06 14:48:26 +00:00
connection1-server.c Formatting: normalise back to 4-space indentation. 2022-08-03 20:48:46 +01:00
connection1.c Packet protocol layers: new 'final_output' method. 2023-05-04 23:54:01 +01:00
connection1.h Richer data type for interactive prompt results. 2021-12-28 18:08:31 +00:00
connection2-client.c New Seat query, has_mixed_input_stream(). 2021-11-06 14:48:26 +00:00
connection2-server.c Move the SSH implementation into its own subdirectory. 2021-04-22 18:09:13 +01:00
connection2.c Packet protocol layers: new 'final_output' method. 2023-05-04 23:54:01 +01:00
connection2.h Richer data type for interactive prompt results. 2021-12-28 18:08:31 +00:00
crc-attack-detector.c Move the SSH implementation into its own subdirectory. 2021-04-22 18:09:13 +01:00
gss.h Update source file names in comments and docs. 2022-01-22 15:51:31 +00:00
gssc.c GSSAPI fix: don't pass GSS_C_NO_NAME to inquire_cred_by_mech. 2022-09-17 07:55:08 +01:00
gssc.h Move the SSH implementation into its own subdirectory. 2021-04-22 18:09:13 +01:00
kex2-client.c GSSAPI kex: don't call dh_is_gex() on ECDH algorithms. 2022-09-13 20:53:03 +01:00
kex2-server.c Refactor ecdh_kex into an organised vtable. 2022-04-15 17:46:06 +01:00
login1-server.c Packet protocol layers: new 'final_output' method. 2023-05-04 23:54:01 +01:00
login1.c Warn about Terrapin vulnerability for unpatched servers. 2023-12-13 18:47:08 +00:00
mainchan.c Formatting: realign run-on parenthesised stuff. 2022-08-03 20:48:46 +01:00
nogss.c Move the SSH implementation into its own subdirectory. 2021-04-22 18:09:13 +01:00
nosharing.c Move the SSH implementation into its own subdirectory. 2021-04-22 18:09:13 +01:00
pgssapi.c Unix GSSAPI: support static linking against Heimdal. 2022-09-17 07:55:08 +01:00
pgssapi.h Formatting: remove spurious spaces in 'type * var'. 2022-08-03 20:48:46 +01:00
portfwd.c Formatting: miscellaneous. 2022-08-03 20:48:46 +01:00
ppl.h Packet protocol layers: new 'final_output' method. 2023-05-04 23:54:01 +01:00
scpserver.c Generalise strbuf_catf() into put_fmt(). 2021-11-19 11:32:47 +00:00
server.c Refactor confirm_weak to use SeatDialogText. 2023-11-29 07:29:29 +00:00
server.h Update source file names in comments and docs. 2022-01-22 15:51:31 +00:00
sesschan.c Add some missing casts in ctype functions. 2023-04-19 14:28:36 +01:00
sftp.c Add a batch of missing 'static's. 2022-09-03 12:02:48 +01:00
sftp.h Fix a batch of typos in comments and docs. 2022-01-03 06:40:51 +00:00
sftpcommon.c Move the SSH implementation into its own subdirectory. 2021-04-22 18:09:13 +01:00
sftpserver.c Move the SSH implementation into its own subdirectory. 2021-04-22 18:09:13 +01:00
sharing.c Fix use-after-free on error returns from share_receive. 2023-08-19 10:15:47 +01:00
signal-list.h Move the SSH implementation into its own subdirectory. 2021-04-22 18:09:13 +01:00
ssh.c Fix segfault if SSH connection terminates very early. 2023-05-04 23:54:22 +01:00
transient-hostkey-cache.c Move the SSH implementation into its own subdirectory. 2021-04-22 18:09:13 +01:00
transport2.c Terrapin warning: say if reconfiguration can help. 2023-12-13 18:49:17 +00:00
transport2.h Warn about Terrapin vulnerability for unpatched servers. 2023-12-13 18:47:08 +00:00
ttymode-list.h Move the SSH implementation into its own subdirectory. 2021-04-22 18:09:13 +01:00
userauth2-client.c Work around key algorithm naming change in OpenSSH <= 7.7. 2023-05-05 00:05:28 +01:00
userauth2-server.c Packet protocol layers: new 'final_output' method. 2023-05-04 23:54:01 +01:00
verstring.c Work around key algorithm naming change in OpenSSH <= 7.7. 2023-05-05 00:05:28 +01:00
x11fwd.c Improve time-safety of XDM-AUTHORIZATION-1 validation. 2023-04-19 14:28:36 +01:00
zlib.c Add a batch of missing 'static's. 2022-09-03 12:02:48 +01:00