x/crypto/ssh: update kex & mac defaults #24224

Closed
wjwoodson opened this issue Mar 2, 2018 · 3 comments

@wjwoodson wjwoodson commented Mar 2, 2018

Please answer these questions before submitting your issue. Thanks!

What version of Go are you using (go version)?

1.9.2

Does this issue reproduce with the latest release?

Yes (1.10)

What operating system and processor architecture are you using (go env)?

go1.9.2.linux-amd64

What did you do?

SetDefaults() sets unsafe KeyExchanges and MACs by default.

```go
var supportedMACs = []string{
	"hmac-sha2-256-etm@openssh.com", "hmac-sha2-256", "hmac-sha1", "hmac-sha1-96",
}

var supportedKexAlgos = []string{
	kexAlgoCurve25519SHA256,
	// P384 and P521 are not constant-time yet, but since we don't
	// reuse ephemeral keys, using them for ECDH should be OK.
	kexAlgoECDH256, kexAlgoECDH384, kexAlgoECDH521,
	kexAlgoDH14SHA1, kexAlgoDH1SHA1,
}

func (c *Config) SetDefaults() {

	if c.KeyExchanges == nil {
		c.KeyExchanges = supportedKexAlgos
	}

	if c.MACs == nil {
		c.MACs = supportedMACs
	}

}
```

What did you expect to see?

KeyExchanges and MACs configured by SetDefaults() should use defaults the way preferredCiphers is configured for ciphers.

```go
var preferredMACs = []string{
	"hmac-sha2-256-etm@openssh.com", "hmac-sha2-256",
}

var preferredKexAlgos = []string{
	kexAlgoCurve25519SHA256,
}

func (c *Config) SetDefaults() {

	if c.KeyExchanges == nil {
		c.KeyExchanges = preferredKexAlgos
	}

	if c.MACs == nil {
		c.MACs = preferredMACs
	}

}
```

Updating these should maintain default compatibility back to OpenSSH 6.5 (January 2014) / Dropbear 2013.62 (December 2013), as well as x/crypto/ssh as of August 2015.

What did you see instead?

(above)

@bradfitz bradfitz changed the title Update x/crypto/ssh kex & mac defaults x/crypto/ssh: update kex & mac defaults Mar 2, 2018
@gopherbot gopherbot added this to the Unreleased milestone Mar 2, 2018

@bradfitz bradfitz commented Mar 2, 2018

/cc @hanwen

@hanwen hanwen commented Mar 7, 2018

If you keep up to date and know what the best algorithms are, chances are you should just configure them yourself.

The problem is that SetDefaults is used both by the server and the client, and we don't know in what setting they are used. If we use a conservative ("paranoid") default, that will make many connections fail, generating bug reports, and causing people to explicitly set algorithms. The latter will then cause clients and servers not to pick up newer algorithms as they're added to the package.
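
To make the trade-off discussed in this thread concrete, the following added example (not code from x/crypto/ssh or from any commenter) replays a simplified SSH first-match negotiation for the current and the proposed default lists against two constructed peers. The wire names are the strings behind the constants quoted in the issue; `negotiate`, `removed` and the peer lists are hypothetical names chosen for illustration.

```go
package main

import "fmt"

// Wire names for the constants quoted in the issue; the lists mirror its
// current and proposed defaults. The two peer lists are constructed samples.
var (
	currentKex = []string{"curve25519-sha256@libssh.org", "ecdh-sha2-nistp256",
		"ecdh-sha2-nistp384", "ecdh-sha2-nistp521",
		"diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"}
	proposedKex  = []string{"curve25519-sha256@libssh.org"}
	currentMACs  = []string{"hmac-sha2-256-etm@openssh.com", "hmac-sha2-256", "hmac-sha1", "hmac-sha1-96"}
	proposedMACs = []string{"hmac-sha2-256-etm@openssh.com", "hmac-sha2-256"}
	legacyKex    = []string{"diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"}
	modernKex    = []string{"curve25519-sha256@libssh.org", "ecdh-sha2-nistp256"}
)

// negotiate applies a simplified RFC 4253 section 7.1 rule: the first algorithm
// on the client's list that the server also offers wins; no overlap fails.
func negotiate(client, server []string) (string, bool) {
	for _, c := range client {
		for _, s := range server {
			if c == s {
				return c, true
			}
		}
	}
	return "", false
}

// removed lists the algorithms in cur that prop no longer offers.
func removed(cur, prop []string) []string {
	var out []string
	for _, a := range cur {
		if _, ok := negotiate([]string{a}, prop); !ok {
			out = append(out, a)
		}
	}
	return out
}

func main() {
	fmt.Println("MACs dropped by the proposal:", removed(currentMACs, proposedMACs))
	for _, peer := range [][]string{legacyKex, modernKex} {
		cur, okCur := negotiate(currentKex, peer)
		prop, okProp := negotiate(proposedKex, peer)
		fmt.Printf("server %v\n  current:  %q ok=%v\n  proposed: %q ok=%v\n", peer, cur, okCur, prop, okProp)
	}
}
```

With the current defaults the legacy peer is accepted on a SHA-1 key exchange, while the proposed list fails the handshake instead. Because `SetDefaults()` as quoted above only fills fields that are nil, lists like these can be set on `Config.KeyExchanges` and `Config.MACs` explicitly.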

@andybons andybons commented Mar 7, 2018

Closing as it seems a decision was made not to address this.

/cc @FiloSottile in case he wants to weigh in.

@andybons andybons closed this Mar 7, 2018
@golang golang locked and limited conversation to collaborators Mar 7, 2019