diffie-hellman-group-exchange-sha256 is very slow and takes ~30 seconds #1386

Closed
sefinx opened this issue May 5, 2024 · 5 comments

sefinx commented May 5, 2024

```
connecting [xxxxxxxxxxxxxxxxxxxxxxxxx] ...
CLIENT[sftp]: connect: Debugging turned on
CLIENT[sftp]: ssh2-sftp-client Version: 10.0.3 {
"node": "18.16.0",
"acorn": "8.8.2",
"ada": "1.0.4",
"ares": "1.19.0",
"brotli": "1.0.9",
"cldr": "42.0",
"icu": "72.1",
"llhttp": "6.0.10",
"modules": "108",
"napi": "8",
"nghttp2": "1.52.0",
"nghttp3": "0.7.0",
"ngtcp2": "0.8.1",
"openssl": "3.0.8+quic",
"simdutf": "3.2.2",
"tz": "2022g",
"undici": "5.21.0",
"unicode": "15.0",
"uv": "1.44.2",
"uvwasi": "0.0.15",
"v8": "10.2.154.26-node.26",
"zlib": "1.2.13"
}
CLIENT[sftp]: connect: Connect attempt 1
Custom crypto binding not available
Local ident: 'SSH-2.0-ssh2js1.15.0'
Client: Trying xxxxxxxxxxxxxxxxxxxxxxxxx on port 22 ...
Socket connected
Remote ident: 'SSH-2.0-OBS SFTP Server [SERVER]'
Outbound: Sending KEXINIT
Inbound: Handshake in progress
Handshake: (local) KEX method: curve25519-sha256@libssh.org,curve25519-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,ext-info-c,kex-strict-c-v00@openssh.com
Handshake: (remote) KEX method: diffie-hellman-group-exchange-sha256,ext-info-s
Handshake: KEX algorithm: diffie-hellman-group-exchange-sha256
Handshake: (local) Host key format: ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256,ssh-rsa
Handshake: (remote) Host key format: rsa-sha2-512,rsa-sha2-256,ssh-rsa
Handshake: Host key format: rsa-sha2-512
Handshake: (local) C->S cipher: aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,chacha20-poly1305@openssh.com
Handshake: (remote) C->S cipher: aes256-ctr,aes256-cbc
Handshake: C->S Cipher: aes256-ctr
Handshake: (local) S->C cipher: aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,chacha20-poly1305@openssh.com
Handshake: (remote) S->C cipher: aes256-ctr,aes256-cbc
Handshake: S->C cipher: aes256-ctr
Handshake: (local) C->S MAC: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
Handshake: (remote) C->S MAC: hmac-sha2-256
Handshake: C->S MAC: hmac-sha2-256
Handshake: (local) S->C MAC: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
Handshake: (remote) S->C MAC: hmac-sha2-256
Handshake: S->C MAC: hmac-sha2-256
Handshake: (local) C->S compression: none,zlib@openssh.com,zlib
Handshake: (remote) C->S compression: none,zlib,zlib@openssh.com
Handshake: C->S compression: none
Handshake: (local) S->C compression: none,zlib@openssh.com,zlib
Handshake: (remote) S->C compression: none,zlib,zlib@openssh.com
Handshake: S->C compression: none
Outbound: Sending KEXDH_GEX_REQUEST
Received DH GEX Group

Outbound: Sending KEXDH_GEX_INIT
Received DH GEX Reply
Received DH Reply
Host accepted by default (no verification)
Host accepted (verified)
Outbound: Sending NEWKEYS
Inbound: NEWKEYS
Verifying signature ...
Verified signature
Handshake completed
```

mscdex (Owner) commented May 5, 2024

Yep, modern versions of OpenSSL do a lot of extra checks on DH values in the name of security. You're better off using Curve25519 instead where possible, which AFAIU does not incur these kinds of penalties.

mscdex added the question label May 5, 2024

sefinx (Author) commented May 5, 2024

Thanks for your reply, @mscdex. The problem is that I don't control this; this is the only algorithm the server that I'm trying to connect to supports, so I have to work with this. Is there a way to reduce the amount of checks so it's faster?
One thing that I forgot to mention: when trying from the sftp CLI (from the OpenSSH package), it connects in less than a second.

mscdex (Owner) commented May 5, 2024

> is there a way to reduce the amount of checks so it's faster?

Short of patching OpenSSL and/or node, there is no way to reduce the amount of checking.

> when trying from the sftp CLI (from the OpenSSH package), it connects in less than a second

I wouldn't be surprised if OpenSSH is utilizing different APIs and/or doing some things themselves when performing DH.

mscdex (Owner) commented May 5, 2024

Additionally, you could try newer versions of node and/or OpenSSL (if your copy of node is using system OpenSSL); it's possible improvements in OpenSSL could make things faster somehow.

sefinx (Author) commented May 5, 2024

@mscdex thank you for your reply, I will try your suggestions.

mscdex closed this as completed Aug 13, 2024
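The debug output in this thread carries no timestamps, so it does not show which handshake step accounts for the ~30 seconds. The following is an added example, not code from the thread or from ssh2: it timestamps each debug message and ranks the gaps between them. `createHandshakeTimer` and its `now` parameter are hypothetical names, and the sample timestamps are constructed for illustration.

```javascript
// Added example: timestamp each ssh2 debug message to find the slow handshake step.
// createHandshakeTimer and its `now` parameter are hypothetical names, not ssh2 API.
function createHandshakeTimer(now = Date.now) {
  const events = [];
  const KEX_PREFIX = 'Handshake: KEX algorithm: ';
  return {
    // Pass this function as the `debug` option of the connect config.
    debug(msg) {
      events.push({ t: now(), msg: String(msg).trim() });
    },
    // Milliseconds between consecutive messages, largest gap first.
    gaps() {
      const out = [];
      for (let i = 1; i < events.length; i++) {
        out.push({
          ms: events[i].t - events[i - 1].t,
          after: events[i - 1].msg,
          before: events[i].msg,
        });
      }
      return out.sort((a, b) => b.ms - a.ms);
    },
    // Negotiated key-exchange method, read from the debug output.
    kex() {
      const hit = events.find((e) => e.msg.startsWith(KEX_PREFIX));
      return hit ? hit.msg.slice(KEX_PREFIX.length) : null;
    },
  };
}

// Constructed sample: message texts follow the log format in this thread,
// but the timestamps (ms) are invented for illustration, not measured.
const SAMPLE = [
  [0, 'Handshake: KEX algorithm: diffie-hellman-group-exchange-sha256'],
  [5, 'Outbound: Sending KEXDH_GEX_REQUEST'],
  [40, 'Received DH GEX Group'],
  [29040, 'Outbound: Sending KEXDH_GEX_INIT'],
  [29090, 'Received DH GEX Reply'],
  [29100, 'Handshake completed'],
];

// Replays the sample through the timer using a fake clock.
function replaySample() {
  let clock = 0;
  const timer = createHandshakeTimer(() => clock);
  for (const [t, msg] of SAMPLE) { clock = t; timer.debug(msg); }
  return timer;
}

const slowest = replaySample().gaps()[0];
console.log(`${slowest.ms} ms between "${slowest.after}" and "${slowest.before}"`);
```

Against a real server, create a timer with the default clock and pass `timer.debug` as the `debug` option of the connection config, then inspect `timer.gaps()` once the handshake completes.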