Revision: 10860 https://osdn.net/projects/ttssh2/scm/svn/commits/10860 Author: nmaya Date: 2023-08-19 01:46:25 +0900 (Sat, 19 Aug 2023) Log Message: ----------- Disabled KEX diffie-hellman-group1-sha1, diffie-hellman-group-exchange-sha1 by default RFC 9142 ticket #43655 Ticket Links: ------------ https://osdn.net/projects/ttssh2/tracker/detail/43655 Modified Paths: -------------- trunk/doc/en/html/about/history.html trunk/doc/ja/html/about/history.html trunk/installer/release/TERATERM.INI trunk/ttssh2/ttxssh/kex.c -------------- next part -------------- Modified: trunk/doc/en/html/about/history.html =================================================================== --- trunk/doc/en/html/about/history.html 2023-08-18 14:59:21 UTC (rev 10859) +++ trunk/doc/en/html/about/history.html 2023-08-18 16:46:25 UTC (rev 10860) @@ -3352,6 +3352,7 @@ <ul> <li>added support for SSH2 host key algorithms: rsa-sha2-256, rsa-sha2-512 (RSA key with SHA-2 signature)</li> <li>added support for SSH2 public key authentication methods: rsa-sha2-256, rsa-sha2-512 (RSA key with SHA-2 signature)</li> + <li>disabled SSH2 KEX algorithm by default for RFC 9142 recommendations: diffie-hellman-group1-sha1, diffie-hellman-group-exchange-sha1</li> <!--li>\x83L\x81[\x83v\x83A\x83\x89\x83C\x83u\x83p\x83P\x83b\x83g\x82̑\x97\x90M\x8AԊu\x82̃f\x83t\x83H\x83\x8B\x83g\x82\xF0 300 \x95b\x82ɕύX\x82\xB5\x82\xBD\x81B</li--> <!-- li>TTSSH \x82\xA9\x82\xE7\x92ʒm\x82\xAA\x82\xA0\x82\xC1\x82\xBD\x82Ƃ\xAB\x82ɂ\xCD TTSSH \x82̃A\x83C\x83R\x83\x93\x82\xAA\x8Eg\x82\xED\x82\xEA\x82\xE9\x82悤\x82ɂ\xB5\x82\xBD\x81B</li --> <li>Increased the default RSA key size to 3072 bits on <a href="../menu/setup-sshkeygenerator.html">Key Generator dialog</a>.</li> Modified: trunk/doc/ja/html/about/history.html =================================================================== --- trunk/doc/ja/html/about/history.html 2023-08-18 14:59:21 UTC (rev 10859) +++ trunk/doc/ja/html/about/history.html 2023-08-18 16:46:25 UTC (rev 10860) 
@@ -3358,6 +3358,7 @@ <ul> <li>SSH2 \x82\xCC rsa-sha2-256, rsa-sha2-512 \x83z\x83X\x83g\x8C\xAE\x95\xFB\x8E\xAE\x81iRSA \x8C\xAE / SHA-2 \x8F\x90\x96\xBC\x81j\x82\xF0\x83T\x83|\x81[\x83g\x82\xB5\x82\xBD\x81B</li> <li>SSH2 \x82\xCC rsa-sha2-256, rsa-sha2-512 \x8C\xF6\x8AJ\x8C\xAE\x94F\x8Fؕ\xFB\x8E\xAE\x81iRSA \x8C\xAE / SHA-2 \x8F\x90\x96\xBC\x81j\x82\xF0\x83T\x83|\x81[\x83g\x82\xB5\x82\xBD\x81B</li> + <li>RFC 9142 \x82̊\xA9\x8D\x90\x82ɂ\xE6\x82\xE8\x81ASSH2 \x82\xCC diffie-hellman-group1-sha1, diffie-hellman-group-exchange-sha1 \x8C\xAE\x8C\xF0\x8A\xB7\x83A\x83\x8B\x83S\x83\x8A\x83Y\x83\x80\x82\xF0\x83f\x83t\x83H\x83\x8B\x83g\x82Ŗ\xB3\x8C\xF8\x82ɂ\xB5\x82\xBD\x81B</li> <li>\x83L\x81[\x83v\x83A\x83\x89\x83C\x83u\x83p\x83P\x83b\x83g\x82̑\x97\x90M\x8AԊu\x82̃f\x83t\x83H\x83\x8B\x83g\x82\xF0 300 \x95b\x82ɕύX\x82\xB5\x82\xBD\x81B</li> <li>TTSSH \x82\xA9\x82\xE7\x92ʒm\x82\xAA\x82\xA0\x82\xC1\x82\xBD\x82Ƃ\xAB\x82ɂ\xCD TTSSH \x82̃A\x83C\x83R\x83\x93\x82\xAA\x8Eg\x82\xED\x82\xEA\x82\xE9\x82悤\x82ɂ\xB5\x82\xBD\x81B</li> <li><a href="../menu/setup-sshkeygenerator.html">SSH\x8C\xAE\x90\xB6\x90\xAC\x83_\x83C\x83A\x83\x8D\x83O</a>\x82\xCC RSA \x8C\xAE\x82̃f\x83t\x83H\x83\x8B\x83g\x82̒\xB7\x82\xB3\x82\xF0 3072bit \x82ɕύX\x82\xB5\x82\xBD\x81B</li> Modified: trunk/installer/release/TERATERM.INI =================================================================== --- trunk/installer/release/TERATERM.INI 2023-08-18 14:59:21 UTC (rev 10859) +++ trunk/installer/release/TERATERM.INI 2023-08-18 16:46:25 UTC (rev 10860) 
@@ -829,7 +829,7 @@ ; 9...diffie-hellman-group16-sha512 ; :...diffie-hellman-group18-sha512 ; 0...KEXs below this line are disabled. -KexOrder=567:9843210 +KexOrder=567:9842031 ; minimal size in bits of an acceptable group in SSH_MSG_KEY_DH_GEX_REQUEST packet GexMinimalGroupSize=0 Modified: trunk/ttssh2/ttxssh/kex.c =================================================================== --- trunk/ttssh2/ttxssh/kex.c 2023-08-18 14:59:21 UTC (rev 10859) +++ trunk/ttssh2/ttxssh/kex.c 2023-08-18 16:46:25 UTC (rev 10860) @@ -104,10 +104,10 @@ KEX_DH_GRP16_SHA512, KEX_DH_GRP14_SHA256, KEX_DH_GEX_SHA256, + KEX_DH_GRP14_SHA1, + KEX_DH_NONE, KEX_DH_GEX_SHA1, - KEX_DH_GRP14_SHA1, KEX_DH_GRP1_SHA1, - KEX_DH_NONE, }; normalize_generic_order(buf, default_strings, NUM_ELEM(default_strings));
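Review bot: In trunk/doc/en/html/about/history.html, the added `<li>` says "disabled SSH2 KEX algorithm by default for RFC 9142 recommendations" but names two algorithms, so it should read "algorithms", and "for RFC 9142 recommendations" is clearer as "following RFC 9142 recommendations". The entry also gives users who still need to reach a legacy server no hint that these KEXs can be re-enabled; a short mention of the KexOrder setting in TERATERM.INI would close that gap.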
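Review bot: In trunk/installer/release/TERATERM.INI, the new `KexOrder=567:9842031` only changes the shipped file, so an upgraded installation that keeps its existing INI with `KexOrder=567:9843210` still has every KEX to the left of the `0` marker enabled, including the two this commit means to disable. Please either state in the history entry that existing settings are not changed or handle migration of the old value. The legend lines for `1`, `2` and `3` fall outside the context shown here, so the mapping of the digits now placed after `0` to the names in the log message cannot be checked from this hunk; it would help to confirm it matches the order in kex.c.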
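Review bot: In trunk/ttssh2/ttxssh/kex.c, the position of `KEX_DH_NONE` inside `default_strings` now carries the security decision (entries after it are off by default), but nothing in the array says so. A one-line comment above `KEX_DH_NONE` noting that the entries below it are disabled by default per RFC 9142, and that the order must stay in sync with `KexOrder` in TERATERM.INI, would keep a later reorder from silently re-enabling `KEX_DH_GEX_SHA1` or `KEX_DH_GRP1_SHA1`. It would also be worth recording why `KEX_DH_GRP14_SHA1` stays above the marker as the last enabled entry, since it is still a SHA-1 KEX.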