changelog shortlog tags branches files raw gz bz2 help

Mercurial > hg > plan9front / changeset: ssh: work around github.com's broken cipher negotiation code (thanks Ori_B)

changeset 7257: e55d4b846784
parent 7256: ca43df3d5f56
child 7258: 783d3ae87188
author: cinap_lenrek@felloff.net
date: Mon, 27 May 2019 02:11:16 +0200
files: sys/src/cmd/ssh.c
description: ssh: work around github.com's broken cipher negotiation code (thanks Ori_B)

key exchange with git@github.com fails as they appear to try to
negotiate a mac algorithm even tho we use an AEAD cipher which
does not use a mac algorithm.

the work around is to supply a dummy mac algorithm that they
can negotiate to make them happy.
     1.1--- a/sys/src/cmd/ssh.c
     1.2+++ b/sys/src/cmd/ssh.c
     1.3@@ -489,7 +489,7 @@ kex(int gotkexinit)
     1.4 	static char kexalgs[] = "curve25519-sha256,curve25519-sha256@libssh.org";
     1.5 	static char cipheralgs[] = "chacha20-poly1305@openssh.com";
     1.6 	static char zipalgs[] = "none";
     1.7-	static char macalgs[] = "";
     1.8+	static char macalgs[] = "hmac-sha1";	/* work around for github.com */
     1.9 	static char langs[] = "";
    1.10 
    1.11 	uchar cookie[16], x[32], yc[32], z[32], k[32+1], h[SHA2_256dlen], *ys, *ks, *sig;