mina-dev mailing list archives

From Guillaume Nodet <gno...@apache.org>
Subject Re: defaulting to DHG1 when no suitable primes are found
Date Wed, 17 Dec 2014 09:46:51 GMT
Oh, nice catch, please raise a JIRA.

2014-12-17 10:21 GMT+01:00 Pawel Sm7 <pawel.sm7@gmail.com>:
>
> Hello,
>
> The problem turned out to be quite straightforward - in
> DHGEX.chooseDH() for the case 'No suitable primes found, defaulting to
> DHG1' we need to swap P1 and G.
>
> It should be:
> return getDH(new BigInteger(DHGroupData.getP1()), new
> BigInteger(DHGroupData.getG()));
>
> instead of:
> return getDH(new BigInteger(DHGroupData.getG()), new
> BigInteger(DHGroupData.getP1()));
>
>
> Do you want me to raise a JIRA issue for that?
>
> Regards,
>
> Pawel
>
>
>
> 2014-12-09 14:58 GMT+01:00 Guillaume Nodet <gnodet@apache.org>:
> > The code seems to be ok to me.
> > Doesn't the problem come from the client which does not accept the selected
> > DH group? Which client are you using?
> > The init() method is called when receiving a SSH_MSG_KEXINIT message.
> > Do you have the server / client log ?
> >
> > Anyway, if you can reproduce it in a unit test, feel free to raise a JIRA
> > and attach it there.
> >
> >
> > 2014-12-09 14:21 GMT+01:00 Pawel Sm7 <pawel.sm7@gmail.com>:
> >
> >> Hello,
> >>
> >> I have a question concerning the situation when no suitable primes are
> >> found (chooseDH(), DHGEX.java file, org.apache.sshd.server.kex
> >> package).
> >> The intention is defaulting to DHG1 in this situation, however I see
> >> that after several tries eventually the operation fails,
> >> and there is no switching to DHG1. I also do not see init() called for
> >> DHG1 in such a situation, just returning:
> >> return getDH(new BigInteger(DHGroupData.getG()), new
> >> BigInteger(DHGroupData.getP1()));
> >>
> >> Could you please confirm that this is an issue? Do you want me to
> >> raise an issue in JIRA?
> >>
> >> Regards,
> >>
> >> Pawel
> >>
>
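
Added example, not part of the thread or of the Apache MINA SSHD code: a hypothetical guard, `reject(p, g)`, that catches the swapped arguments described above before any key exchange starts. It assumes the (p, g) argument order shown in the fix and uses the RFC 2409 Second Oakley Group prime (the diffie-hellman-group1 modulus) with generator 2 as stand-ins for the project's `DHGroupData` values.

```java
import java.math.BigInteger;

public class DhGroupCheck {
    // RFC 2409 Second Oakley Group prime (1024 bits), used by SSH diffie-hellman-group1.
    // Stand-in for DHGroupData.getP1(); the class and field names here are hypothetical.
    static final BigInteger P1 = new BigInteger(
        "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
      + "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
      + "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
      + "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
      + "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
      + "FFFFFFFFFFFFFFFF", 16);

    // Generator for that group; stand-in for DHGroupData.getG().
    static final BigInteger G = BigInteger.valueOf(2);

    /**
     * Returns null when (p, g) is a plausible DH group, otherwise the reason
     * it is rejected. The 1024-bit floor matches the smallest group discussed
     * in the thread; a deployment would normally set it higher.
     */
    static String reject(BigInteger p, BigInteger g) {
        if (p.bitLength() < 1024) {
            return "modulus is only " + p.bitLength() + " bits";
        }
        if (!p.testBit(0) || !p.isProbablePrime(40)) {
            return "modulus is not an odd prime";
        }
        BigInteger pMinusOne = p.subtract(BigInteger.ONE);
        if (g.compareTo(BigInteger.ONE) <= 0 || g.compareTo(pMinusOne) >= 0) {
            return "generator is outside 2..p-2";
        }
        return null;
    }

    public static void main(String[] args) {
        // Corrected order from the thread: modulus first, generator second.
        System.out.println("(P1, G): " + reject(P1, G));
        // Swapped order from the thread: the 2-bit generator lands in the modulus slot.
        System.out.println("(G, P1): " + reject(G, P1));
    }
}
```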
