New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Transport: fix the preferred KEX algorithms for gssapi-keyex (2.0) #1060

Merged
merged 1 commit into from Sep 12, 2017

Conversation

Projects
None yet
3 participants
@akruis
Contributor

akruis commented Sep 12, 2017

Add additional KEX algorithms for gssapi-keyex in front of the
default preferred KEX algorithms, if gssapi-keyex is enabled.

Before this change, Transport used a hard coded (and out-dated) list of
algorithms, if gssapi-keyex was enabled.

Transport: fix the preferred KEX algorithms for gssapi-keyex
Add additional KEX algorithms for gssapi-keyex in front of the
default preferred KEX algorithms, if gssapi-keyex is enabled.

Before this change, Transport used a hard coded (and out-dated) list of
algorithms, if gssapi-keyex was enabled.
@ploxiln

This comment has been minimized.

Contributor

ploxiln commented Sep 12, 2017

It's good to see gss get some testing and maintenance :)

@bitprophet

This comment has been minimized.

Member

bitprophet commented Sep 12, 2017

Torn on whether this should be considered a bugfix or a "feature" (it's technically adding new functionality that did not previously exist.) What's the impact (functionality or security wise) on users if this only went out in 2.3?

@ploxiln

This comment has been minimized.

Contributor

ploxiln commented Sep 12, 2017

I'd lean towards just considering this a bugfix for gss.
Note also that _preferred_kex was updated in 2.2

@ploxiln

This comment has been minimized.

Contributor

ploxiln commented Sep 12, 2017

(for the 2.2.0 release, so consistent with your idea that kex preference changes should be in minor releases - I'm just noting it :)

@akruis

This comment has been minimized.

Contributor

akruis commented Sep 12, 2017

It a bug fix. Without this fix you get an outdated set of non gss-kex algorithms, if you enable gss-kex.

bitprophet added a commit that referenced this pull request Sep 12, 2017

@bitprophet bitprophet merged commit 9ee7085 into paramiko:2.0 Sep 12, 2017

1 of 3 checks passed

codecov/patch 50% of diff hit (target 74.58%)
Details
codecov/project 74.54% (-0.04%) compared to 853a37f
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment