-
Notifications
You must be signed in to change notification settings - Fork 664
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
diffie-hellman-group-exchange-sha256 is very slow and take ~30 seconds #1386
Comments
Yep, modern versions of OpenSSL do a lot of extra checks on DH values in the name of security. You're better off using Curve25519 instead where possible, which AFAIU does not incur these kinds of penalties. |
thanks for your reply @mscdex . the problem is that I don't control this, this is the only algorithm the server that Im trying to connect supports - so I have to work with this. is there a way reduce the amount of checks so its faster? |
Short of patching OpenSSL and/or node, there is no way to reduce the amount of checking.
I wouldn't be surprised if OpenSSH is utilizing different APIs and/or doing some things themselves when performing DH. |
Additionally you could try newer versions of node and/or OpenSSL (if your copy of node is using system OpenSSL), it's possible improvements in OpenSSL could make things faster somehow. |
@mscdex thank you for your reply, I will try your suggestions. |
connecting [xxxxxxxxxxxxxxxxxxxxxxxxx] ...
CLIENT[sftp]: connect: Debugging turned on
CLIENT[sftp]: ssh2-sftp-client Version: 10.0.3 {
"node": "18.16.0",
"acorn": "8.8.2",
"ada": "1.0.4",
"ares": "1.19.0",
"brotli": "1.0.9",
"cldr": "42.0",
"icu": "72.1",
"llhttp": "6.0.10",
"modules": "108",
"napi": "8",
"nghttp2": "1.52.0",
"nghttp3": "0.7.0",
"ngtcp2": "0.8.1",
"openssl": "3.0.8+quic",
"simdutf": "3.2.2",
"tz": "2022g",
"undici": "5.21.0",
"unicode": "15.0",
"uv": "1.44.2",
"uvwasi": "0.0.15",
"v8": "10.2.154.26-node.26",
"zlib": "1.2.13"
}
CLIENT[sftp]: connect: Connect attempt 1
Custom crypto binding not available
Local ident: 'SSH-2.0-ssh2js1.15.0'
Client: Trying xxxxxxxxxxxxxxxxxxxxxxxxx on port 22 ...
Socket connected
Remote ident: 'SSH-2.0-OBS SFTP Server [SERVER]'
Outbound: Sending KEXINIT
Inbound: Handshake in progress
Handshake: (local) KEX method: curve25519-sha256@libssh.org,curve25519-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,ext-info-c,kex-strict-c-v00@openssh.com
Handshake: (remote) KEX method: diffie-hellman-group-exchange-sha256,ext-info-s
Handshake: KEX algorithm: diffie-hellman-group-exchange-sha256
Handshake: (local) Host key format: ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256,ssh-rsa
Handshake: (remote) Host key format: rsa-sha2-512,rsa-sha2-256,ssh-rsa
Handshake: Host key format: rsa-sha2-512
Handshake: (local) C->S cipher: aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,chacha20-poly1305@openssh.com
Handshake: (remote) C->S cipher: aes256-ctr,aes256-cbc
Handshake: C->S Cipher: aes256-ctr
Handshake: (local) S->C cipher: aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,chacha20-poly1305@openssh.com
Handshake: (remote) S->C cipher: aes256-ctr,aes256-cbc
Handshake: S->C cipher: aes256-ctr
Handshake: (local) C->S MAC: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
Handshake: (remote) C->S MAC: hmac-sha2-256
Handshake: C->S MAC: hmac-sha2-256
Handshake: (local) S->C MAC: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
Handshake: (remote) S->C MAC: hmac-sha2-256
Handshake: S->C MAC: hmac-sha2-256
Handshake: (local) C->S compression: none,zlib@openssh.com,zlib
Handshake: (remote) C->S compression: none,zlib,zlib@openssh.com
Handshake: C->S compression: none
Handshake: (local) S->C compression: none,zlib@openssh.com,zlib
Handshake: (remote) S->C compression: none,zlib,zlib@openssh.com
Handshake: S->C compression: none
Outbound: Sending KEXDH_GEX_REQUEST
Received DH GEX Group
Outbound: Sending KEXDH_GEX_INIT
Received DH GEX Reply
Received DH Reply
Host accepted by default (no verification)
Host accepted (verified)
Outbound: Sending NEWKEYS
Inbound: NEWKEYS
Verifying signature ...
Verified signature
Handshake completed
The text was updated successfully, but these errors were encountered: