SSH2: don't use AES GCM for TurboFTP Server

phpseclib · Nov 4, 2023 · 3ecde6b · 3ecde6b · terrafrost · Nov 5, 2023
1 parent 5b27f8f
commit 3ecde6b
Showing 1 changed file with 15 additions and 1 deletion.
diff --git a/phpseclib/Net/SSH2.php b/phpseclib/Net/SSH2.php
@@ -1551,6 +1551,20 @@ private function key_exchange($kexinit_payload_server = false)
                         ['hmac-sha1-96', 'hmac-md5-96']
                     ));
                 }
+                break;
+            case substr($this->server_identifier, 0, 24) == 'SSH-2.0-TurboFTP_SERVER_':
+                if (!isset($preferred['server_to_client']['crypt'])) {
+                    $s2c_encryption_algorithms = array_values(array_diff(
+                        $s2c_encryption_algorithms,
+                        ['aes128-gcm@openssh.com', 'aes256-gcm@openssh.com']
+                    ));
+                }
+                if (!isset($preferred['client_to_server']['crypt'])) {
+                    $c2s_encryption_algorithms = array_values(array_diff(
+                        $c2s_encryption_algorithms,
+                        ['aes128-gcm@openssh.com', 'aes256-gcm@openssh.com']
+                    ));
+                }
         }
 
         $client_cookie = Random::string(16);
@@ -2315,7 +2329,7 @@ private function login_helper($username, $password = null)
                     return $this->login_helper($username, $password);
                 }
                 $this->disconnect_helper(NET_SSH2_DISCONNECT_CONNECTION_LOST);
-                throw new ConnectionClosedException('Connection closed by server');
+                throw $e;
             }
 
             list($type, $service) = Strings::unpackSSH2('Cs', $response);