Page MenuHomePhabricator

The server should not send the SSH_MSG_EXT_INFO message after rekeying
Open, Needs TriagePublic

Description

The RFC 8308 specifies, that the SSH_MSG_EXT_INFO message should be sent after the *first* SSH_MSG_NEWKEYS message, while the current implementation sends it also after the rekey:

o  As the next packet following the server's first SSH_MSG_NEWKEYS.

The same bug is in OpenSSH:

https://bugzilla.mindrot.org/show_bug.cgi?id=2929

This is not a high-priority since the clients are pretty tolerant, but it would be good to follow the recommendation.