mina-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Goldstein Lyor (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (SSHD-357) ARCFOUR 128/256 ciphers initialization incorrect - always fails
Date Tue, 07 Oct 2014 09:40:34 GMT

     [ https://issues.apache.org/jira/browse/SSHD-357?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Goldstein Lyor updated SSHD-357:
--------------------------------
    Attachment: 0003-SSHD-357-ARCFOUR-128-256-ciphers-initialization-inco.patch

Recommend code patch (including jUnit tests)

> ARCFOUR 128/256 ciphers initialization incorrect - always fails
> ---------------------------------------------------------------
>
>                 Key: SSHD-357
>                 URL: https://issues.apache.org/jira/browse/SSHD-357
>             Project: MINA SSHD
>          Issue Type: Bug
>            Reporter: Goldstein Lyor
>             Fix For: 0.13.0
>
>         Attachments: 0003-SSHD-357-ARCFOUR-128-256-ciphers-initialization-inco.patch
>
>
> The ARCFOUR128/256 ciphers inherit the default _BaseCipher#init_ implementation which
creates an initialization vector. For RC4, this is not required - and indeed causes _java.security.InvalidAlgorithmParameterException:
Parameters not supported_ when the cipher is initialized - even though everything is in order
(e.g., see what happens when _SshServer#setUpDefaultCiphers_ is run). This means that these
RC4 ciphers are *never* available. The fix (see attached patch file) is to override the _init_
method and provide only a key.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message