This is an automated email from the ASF dual-hosted git repository.
lgoldstein pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mina-sshd.git
commit af6c8eddd897e18e8834c6439c48513cec150c8c
Author: Lyor Goldstein <lgoldst...@apache.org>
AuthorDate: Tue Dec 1 19:49:18 2020 +0200
[SSHD-1108] Increased minimum default DH group exchange key size to 2048
(but support 1024)
---
CHANGES.md | 3 ++-
README.md | 7 ++++++-
docs/security-providers.md | 2 +-
.../java/org/apache/sshd/common/util/security/SecurityUtils.java | 6 +++---
sshd-core/src/test/java/org/apache/sshd/server/kex/ModuliTest.java | 4 ++--
5 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/CHANGES.md b/CHANGES.md
index 333f354..0f0d63c 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -62,4 +62,5 @@ or `-key-file` command line option.
* [SSHD-1100](https://issues.apache.org/jira/browse/SSHD-1100) Updated used
moduli for DH group KEX
* [SSHD-1102](https://issues.apache.org/jira/browse/SSHD-1102) Provide filter
support for SftpDirectoryStream
* [SSHD-1104](https://issues.apache.org/jira/browse/SSHD-1104) Take into
account possible key type aliases when using public key authentication
-* [SSHD-1107](https://issues.apache.org/jira/browse/SSHD-1107) Allow
configuration of minimum DH group exchange key size via property or
programmatically
\ No newline at end of file
+* [SSHD-1107](https://issues.apache.org/jira/browse/SSHD-1107) Allow
configuration of minimum DH group exchange key size via property or
programmatically
+* [SSHD-1108](https://issues.apache.org/jira/browse/SSHD-1108) Increased
minimum default DH group exchange key size to 2048 (but support 1024)
\ No newline at end of file
diff --git a/README.md b/README.md
index 14ba78a..ab548c6 100644
--- a/README.md
+++ b/README.md
@@ -79,7 +79,12 @@ the unsafe settings must do so **explicitly**. The following
settings have been
* [OpenSSH release notes](https://www.openssh.com/releasenotes.html) - usually
a good indicator of de-facto practices
* SHA-1 based key exchanges and signatures
* MD5-based and truncated HMAC algorithms
-
+* [RFC 8270 - Increase the Secure Shell Minimum Recommended Diffie-Hellman
Modulus Size to 2048 Bits](https://tools.ietf.org/html/rfc8270)
+ **Note:** it still possible to use 1024 by initializing the value
*programmatically* or via system property -
+ see [Security providers
setup](./docs/security-providers.md#diff-hellman-group-exchange-configuration).
+ The code still contains moduli for 1024 and will use them if user
**explicitly** lowers the default minimum
+ to it.
+
**Caveat:**: According to [RFC 8332 - section
3.31](https://tools.ietf.org/html/rfc8332#section-3.3)
>>
>> Implementation experience has shown that there are servers that apply
>> authentication penalties to clients
diff --git a/docs/security-providers.md b/docs/security-providers.md
index e9ed66d..d285a0a 100644
--- a/docs/security-providers.md
+++ b/docs/security-providers.md
@@ -101,7 +101,7 @@ In any case, the values are auto-detected by the code but
the user can intervene
**Note(s)**
* The value should be a multiple of 1024 (not enforced)
-* The value should be between 1024 and 8192 (not enforced)
+* The value should be between 2048 and 8192 (not enforced - allows users to
make an **explicit** decision to use shorter keys - especially the minimum).
* The minimum must be less or equal to the maximum (enforced - if reversed
then group exchange is **disabled**)
* If a **negative** value is set in either one then group exchange is
**disabled**
* Setting a value of zero indicates a **lazy** auto-detection of the supported
range the next time these values are needed.
\ No newline at end of file
diff --git
a/sshd-common/src/main/java/org/apache/sshd/common/util/security/SecurityUtils.java
b/sshd-common/src/main/java/org/apache/sshd/common/util/security/SecurityUtils.java
index c300213..d26a1d1 100644
---
a/sshd-common/src/main/java/org/apache/sshd/common/util/security/SecurityUtils.java
+++
b/sshd-common/src/main/java/org/apache/sshd/common/util/security/SecurityUtils.java
@@ -119,10 +119,10 @@ public final class SecurityUtils {
* The min. key size value used for testing whether Diffie-Hellman Group
Exchange is supported or not. According to
* <A HREF="https://tools.ietf.org/html/rfc4419";>RFC 4419</A> section 3:
"Servers and clients SHOULD support
* groups with a modulus length of k bits, where 1024 <= k <= 8192".
</code>
+ *
+ * <B>Note: this has been amended by <A
HREF="https://tools.ietf.org/html/rfc8270";>RFC 8270</A>
*/
- public static final int MIN_DHGEX_KEY_SIZE = 1024;
- // Keys of size > 1024 are not supported by default with JCE
- public static final int DEFAULT_DHGEX_KEY_SIZE = MIN_DHGEX_KEY_SIZE;
+ public static final int MIN_DHGEX_KEY_SIZE = 2048;
public static final int PREFERRED_DHGEX_KEY_SIZE = 4096;
public static final int MAX_DHGEX_KEY_SIZE = 8192;
diff --git a/sshd-core/src/test/java/org/apache/sshd/server/kex/ModuliTest.java
b/sshd-core/src/test/java/org/apache/sshd/server/kex/ModuliTest.java
index ced70b0..128a908 100644
--- a/sshd-core/src/test/java/org/apache/sshd/server/kex/ModuliTest.java
+++ b/sshd-core/src/test/java/org/apache/sshd/server/kex/ModuliTest.java
@@ -84,8 +84,8 @@ public class ModuliTest extends JUnitTestSupport {
Collection<Integer> actualSizes = new
TreeSet<>(Comparator.naturalOrder());
for (DhGroup g : groups) {
int size = g.getSize();
- assertTrue("Size below min. required " +
SecurityUtils.MIN_DHGEX_KEY_SIZE,
- size >= SecurityUtils.MIN_DHGEX_KEY_SIZE);
+ // SSHD-1108 - raised default minimum to 2048...
+ assertTrue("Size below min. required " + 1024 + ": " + size, size
>= 1024);
assertTrue("Size above max. allowed " +
SecurityUtils.MAX_DHGEX_KEY_SIZE, size <= SecurityUtils.MAX_DHGEX_KEY_SIZE);
actualSizes.add(size);
}
