<div dir="ltr">Hi Matt,<div><br></div><div>noticed that in sysoptions.h this is added at line 130</div><div><br></div><div><div>/* These are disabled in Dropbear 2016.73 by default since the spec </div><div> draft-ietf-curdle-ssh-kex-sha2-02 is under development. */</div><div>#define DROPBEAR_DH_GROUP14_256 0</div><div>#define DROPBEAR_DH_GROUP16 0</div></div><div><br></div><div><br></div><div>Should that not be in options.h underneath line 174 </div><div></div><div><div><br></div><div>/* Group14 (2048 bit) is recommended. Group1 is less secure (1024 bit) though</div><div> is the only option for interoperability with some older SSH programs */</div><div>#define DROPBEAR_DH_GROUP1 1</div><div>#define DROPBEAR_DH_GROUP14 1</div></div><div><br></div><div><br></div><div>Hans</div><div><br></div><div><br><br></div><div><br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Mar 18, 2016 at 4:52 PM, Matt Johnston <span dir="ltr"><<a href="mailto:matt@ucc.asn.au" target="_blank">matt@ucc.asn.au</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi all,<br>
<br>
Dropbear 2016.73 is released. It has a few new features and<br>
other small improvements.<br>
<br>
Download at <a href="https://matt.ucc.asn.au/dropbear/dropbear.html" rel="noreferrer" target="_blank">https://matt.ucc.asn.au/dropbear/dropbear.html</a><br>
<br>
Cheers,<br>
Matt<br>
<br>
2016.73 - 18 March 2016<br>
<br>
- Support syslog in dbclient, option -o usesyslog=yes. Patch from Konstantin Tokarev<br>
<br>
- Kill a proxycommand when dbclient exits, patch from Konstantin Tokarev<br>
<br>
- Option to exit when a TCP forward fails, patch from Konstantin Tokarev<br>
<br>
- New "-o" option parsing from Konstantin Tokarev. This allows handling some extra options<br>
in the style of OpenSSH, though implementing all OpenSSH options is not planned.<br>
<br>
- Fix crash when fallback initshells() is used, reported by Michael Nowak and Mike Tzou<br>
<br>
- Allow specifying commands eg "dropbearmulti dbclient ..." instead of symlinks<br>
<br>
- Various cleanups for issues found by a lint tool, patch from Francois Perrad<br>
<br>
- Fix tab indent consistency, patch from Francois Perrad<br>
<br>
- Fix issues found by cppcheck, reported by Mike Tzou<br>
<br>
- Use system memset_s() or explicit_bzero() if available to clear memory. Also make<br>
libtomcrypt/libtommath routines use that (or Dropbear's own m_burn()).<br>
<br>
- Prevent scp failing when the local user doesn't exist. Based on patch from Michael Witten.<br>
<br>
- Improved Travis CI test running, thanks to Mike Tzou<br>
<br>
- Improve some code that was flagged by Coverity and Fortify Static Code Analyzer<br>
</blockquote></div><br></div>