Re: libssh-0.4.5 - Problem with some ciphers
- Subject: Re: libssh-0.4.5 - Problem with some ciphers
- From: Aris Adamantiadis <aris@xxxxxxxxxxxx>
- Reply-to: libssh@xxxxxxxxxx
- Date: Sun, 05 Sep 2010 20:46:04 +0200
- To: libssh@xxxxxxxxxx
- Cc: uday.tennety@xxxxxxxxxxxxxx

Hi Uday,

This is similar to a bug we had in an older CentOS/RHEL 4. The CTR algorithm implemented by libssl is not compatible (!) with newer releases. Hence, the BROKEN_AES_CTR flag is defined when a libssl older than the known broken version is used, and aes128-ctr is disabled.

Could you provide me:
- Linux distribution (client) which is demonstrating the wrong behaviour
- libcrypto version used on this distribution
- Maybe the output of the verbose mode of libssh

What's new in your report is that aes256-cbc and aes192-cbc were broken. Are you sure the change in kex.c was mandatory? Otherwise, does libssh 0.4.5 replace libssh 0.3.4 well?

You can have more information on the bug there:
http://blog.0xbadc0de.be/archives/15

Kr,

Aris

Uday Tennety wrote:
> Hello Aris,
> We noticed a problem with libssh using ciphers other than aes128-cbc for
> communication. We were previously using libssh-0.3.4, which used
> aes128-cbc for communication and it was working fine. We now started
> using the new library, i.e. libssh-0.4.5, and we were unable to connect to
> our Network Elements or Linux machines.
>
> Upon investigation, we found that we cannot connect to our Linux
> machines or our Network Elements when the libssh library makes use of
> aes256-ctr, aes256-cbc or aes192-cbc ciphers for ssh communication. But
> we do not see this problem while connecting to Solaris machines.
>
> In order to make libssh-0.4.5 work for us, we had to make the
> following changes:
>
> After compilation and before running the 'make' command
> A) Open libssh-0.4.5/build/libssh/config.h
> Add the following line:
> #define BROKEN_AES_CTR 1
>
> B) Open libssh-0.4.5/libssh/kex.c
> Comment the following statement and add the statement with aes128-cbc
> instead:
> //#define AES "aes256-cbc,aes192-cbc,aes128-cbc,"
> #define AES "aes128-cbc,"
>
> Please let me know if this is a problem with the compatibility of these
> ciphers with libssh library or something that we need to change in our
> environment here. Let me know if you need further information.
>
> Thanks for your help.
> Uday.
>