This is an automated email from the ASF dual-hosted git repository.
twolf pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mina-sshd.git
commit dfa109b7b535d64e8ee395ddd0419e7696fb24ee
Author: Thomas Wolf <tw...@apache.org>
AuthorDate: Sun Nov 7 23:05:07 2021 +0100
[SSHD-704] Update CHANGES and README: RFC 8731 support
Mention the new KEX algorithms, and link to RFC 8731.
---
CHANGES.md | 1 +
README.md | 4 +++-
docs/dependencies.md | 7 ++++++-
3 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/CHANGES.md b/CHANGES.md
index 1e1dd6b..5efe967 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -25,6 +25,7 @@
## Behavioral changes and enhancements
+* [SSHD-704](https://issues.apache.org/jira/browse/SSHD-704) Add support for
RFC 8731 (curve25519 and curve448 key exchange algorithms)
* [SSHD-1017](https://issues.apache.org/jira/browse/SSHD-1017) Add support for
the chacha20-poly1...@openssh.com cipher
* [SSHD-1161](https://issues.apache.org/jira/browse/SSHD-1161) Support OpenSSH
client certificates for publickey authentication
* [SSHD-1163](https://issues.apache.org/jira/browse/SSHD-1163) Wrong server
key signature algorithm chosen in DH group key exchange
diff --git a/README.md b/README.md
index 6c1ff82..2a3a1c0 100644
--- a/README.md
+++ b/README.md
@@ -34,6 +34,7 @@ based applications requiring SSH support.
* **Note:** - the server side supports these signatures by default. The
client side requires specific
initialization - see [section
3.3](https://tools.ietf.org/html/rfc8332#section-3.3) and also the
above mentioned hooks for [RFC 8308](https://tools.ietf.org/html/rfc8308).
+* [RFC 8731 - Secure Shell (SSH) Key Exchange Method Using Curve25519 and
Curve448](https://tools.ietf.org/html/rfc8731)
* [Key Exchange (KEX) Method Updates and Recommendations for Secure
Shell](https://tools.ietf.org/html/draft-ietf-curdle-ssh-kex-sha2-03)
* [OpenSSH support for U2F/FIDO security
keys](https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.u2f)
* **Note:** the server side supports these keys by default. The client
side requires specific initialization
@@ -63,7 +64,8 @@ aes128-...@openssh.com, aes256-...@openssh.com,
chacha20-poly1...@openssh.com
, hmac-sha2-512-...@openssh.com, hmac-sha1-...@openssh.com
* **Key exchange**: diffie-hellman-group1-sha1,
diffie-hellman-group-exchange-sha256, diffie-hellman-group14-sha1,
diffie-hellman-group14-sha256
, diffie-hellman-group15-sha512, diffie-hellman-group16-sha512,
diffie-hellman-group17-sha512, diffie-hellman-group18-sha512
-, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521
+, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521,
curve25519-sha256, curve25519-sha...@libssh.org, curve448-sha512
+ * On Java versions before Java 11, [Bouncy
Castle](./docs/dependencies.md#bouncy-castle) is required for
curve25519-sha256, curve25519-sha...@libssh.org, or curve448-sha512.
* **Compressions**: none, zlib, z...@openssh.com
* **Signatures/Keys**: ssh-dss, ssh-rsa, rsa-sha2-256, rsa-sha2-512, nistp256,
nistp384, nistp521
, ssh-ed25519 (requires `eddsa` optional module),
sk-ecdsa-sha2-nistp...@openssh.com, sk-ssh-ed25...@openssh.com
diff --git a/docs/dependencies.md b/docs/dependencies.md
index 85a43c5..39aa4f5 100644
--- a/docs/dependencies.md
+++ b/docs/dependencies.md
@@ -32,6 +32,11 @@ or via `SecurityUtils#setKeyPairResourceParser` for
**global** usage - even with
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk15on</artifactId>
</dependency>
+ <!-- SecurityProvider -->
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcprov-jdk15on</artifactId>
+ </dependency>
```
@@ -96,7 +101,7 @@ order to be included in the classpath:
```xml
- <!-- For ed25519 support -->
+ <!-- For ed25519 support -->
<dependency>
<groupId>net.i2p.crypto</groupId>
<artifactId>eddsa</artifactId>
