The server should not send the SSH_MSG_EXT_INFO message after rekeying
Closed, ResolvedPublic
Actions

Description

The RFC 8308 specifies, that the SSH_MSG_EXT_INFO message should be sent after the *first* SSH_MSG_NEWKEYS message, while the current implementation sends it also after the rekey:

o  As the next packet following the server's first SSH_MSG_NEWKEYS.

The same bug is in OpenSSH:

https://bugzilla.mindrot.org/show_bug.cgi?id=2929

This is not a high-priority since the clients are pretty tolerant, but it would be good to follow the recommendation.

Related Objects

Mentioned In: rLIBSSHbf2c7128ab67: server: Do not send SSH_MSG_EXT_INFO after rekey
rLIBSSH1d5215a5af2f: server: Do not send SSH_MSG_EXT_INFO after rekey

Event Timeline

Jakuje created this task.Nov 13 2018, 3:39 PM

asn mentioned this in rLIBSSH1d5215a5af2f: server: Do not send SSH_MSG_EXT_INFO after rekey.Nov 23 2018, 5:32 PM

asn mentioned this in rLIBSSHbf2c7128ab67: server: Do not send SSH_MSG_EXT_INFO after rekey.

This was fixed by the previously mentioned commits that made their way into master and 0.8 branch.

The server should not send the SSH_MSG_EXT_INFO message after rekeyingClosed, ResolvedPublicActions

Description

Related Objects

Event Timeline

The server should not send the SSH_MSG_EXT_INFO message after rekeying
Closed, ResolvedPublic
Actions