Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/crypto/ssh: make it possible to disable SHA-1 algorithms #56561

Open
FiloSottile opened this issue Nov 3, 2022 · 0 comments
Open

x/crypto/ssh: make it possible to disable SHA-1 algorithms #56561

FiloSottile opened this issue Nov 3, 2022 · 0 comments
Labels
NeedsFix The path to resolution is known, but the work has not been done.
Milestone
Unreleased

Comments

@FiloSottile
Copy link
Contributor

#49952 tracked adding support for the SHA-2 variants of ssh-rsa. This issue is about exposing the settings necessary to turn off the original SHA-1 algorithm, both on the signer and on the verifier side, both for client and host authentication.

For example, this will require something akin to ServerConfig.PublicKeyAuthAlgorithms from #49269 and MultiAlgorithmSigner from #52132, as well as others.

Eventually, we'll want to make SHA-1 disabled by default, and these settings will be how applications can turn it back on.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
NeedsFix The path to resolution is known, but the work has not been done.
Projects
None yet
Milestone
Unreleased
Development

No branches or pull requests
3 participants
@mdempsky @FiloSottile @gopherbot