How to support cipher 'none'?
Michael Wiedmann
michael.wiedmann at aastra.com
Fri Nov 21 19:27:25 WST 2008
Hi,
I wonder how I could support 'none' as sshcipher.
I tried to add
{"none", 0, NULL, 1},
as first entry in 'sshciphers[]' and rebuilt the server and client.
In the TRACE msgs I can see, that client and server agree on 'none'
as encryption method:
TRACE: buf_match_algo: none,aes128-cbc,3des-cbc,aes256-cbc
TRACE: enc c2s is none
TRACE: buf_match_algo: none,aes128-cbc,3des-cbc,aes256-cbc
TRACE: enc s2c is none
But the client dumps core before authentication is completed:
TRACE: leave send_msg_newkeys
TRACE: leave recv_msg_kexdh_init
TRACE: leave process_packet
TRACE: maybe_empty_reply_queue - no data allowed
TRACE: enter cli_sessionloop
TRACE: leave cli_sessionloop: kex_state != KEX_NOTHING
TRACE: enter write_packet
TRACE: empty queue dequeing
TRACE: leave write_packet
TRACE: enter read_packet
TRACE: enter decrypt_packet
TRACE: leave decrypt_packet
TRACE: leave read_packet
TRACE: enter process_packet
TRACE: process_packet: packet type = 21
TRACE: <- MSG_NEWKEYS
TRACE: enter recv_msg_newkeys
TRACE: while SENTNEWKEYS=1
TRACE: enter gen_new_keys
TRACE: enter buf_putmpint
TRACE: leave buf_putmpint
Segmentation fault (core dumped)
Cheers
Michael
PS: I try to find out how much overhead causes e.g. "aes128-cbc" and looking for
an easy way to switch between the offered ciphers from the client so that we
can optionally setup an unencrypted connection.
More information about the Dropbear
mailing list