Bug 1067633

Summary: ssh provides limited compatibility to embedded ssh servers
Product: Red Hat Enterprise Linux 7 Reporter: Hubert Kario <hkario>
Component: opensshAssignee: Petr Lautrbach <plautrba>
Status: CLOSED WONTFIX QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: high Docs Contact:
Priority: low    
Version: 7.0CC: pvrabec
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-09-30 19:28:59 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1053107    
Bug Blocks:    

Description Hubert Kario 2014-02-20 18:58:58 UTC 
Description of problem:
The new algorithm used in openssh for calculating size of DH parameters provides limited compatibility for embedded SSH servers.
In case the remote server supports only SHA-1 and SHA-2 MACs, openssh will always suggest usage of 7680 bit or 8192 bit DH group.

Version-Release number of selected component (if applicable):
openssh-6.4p1-7.el7.x86_64

How reproducible:
Always

Steps to Reproduce:
1. ssh -vv -o "MACs hmac-sha1" localhost

Actual results:
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<7680<8192)

Expected results:
Depending on cipher selected:
3des: 2048
aes-128, arcfour, blowfish: 3072
aes-192: 7680
aes-256: 8192

Additional info:
NIST SP 800-57.
See bug 1053107 for details.
Comment 1 Hubert Kario 2014-02-20 19:01:56 UTC 
Previous versions of openssh had a hard limit on DH group size at 4096 bit.
Comment 3 Hubert Kario 2014-09-30 17:03:51 UTC 
I raised the issue with upstream and they don't consider this to be an issue or willing to fix.

This probably should be closed as won't fix.