From owner-freebsd-bugs@FreeBSD.ORG Sun Jun 16 15:00:00 2013
Message-Id: <201306161459.r5GExaaa066882@lorvorc.mips.inka.de>
Date: Sun, 16 Jun 2013 16:59:36 +0200 (CEST)
From: Christian Weisgerber
To: FreeBSD-gnats-submit@freebsd.org
Cc: des@FreeBSD.org
Subject: bin/179619: 9-STABLE sshd negotiates unsupported cipher
X-Send-Pr-Version: 3.114

>Number:         179619
>Category:       bin
>Synopsis:       9-STABLE sshd negotiates unsupported cipher
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jun 16 15:00:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator:     Christian Weisgerber
>Release:        FreeBSD 9.1-STABLE amd64
>Organization:
>Environment:
System: FreeBSD lorvorc.mips.inka.de 9.1-STABLE FreeBSD 9.1-STABLE #0 r251468: Thu Jun 6 17:02:46 CEST 2013 naddy@lorvorc.mips.inka.de:/usr/obj/usr/src/sys/GENERIC amd64

OpenSSH_6.2p2, OpenSSL 0.9.8y 5 Feb 2013, on FreeBSD 9-STABLE.
This version of OpenSSL does not support AES-GCM, so OpenSSH is built
with #undef OPENSSL_HAVE_EVPGCM there.

>Description:
Let's try to connect to a 9-STABLE box from a host that does support
AES-GCM:

$ ssh -c aes128-gcm@openssh.com,aes128-ctr lorvorc
Connection closed by 2001:6f8:124a::5

Odd.

$ ssh -v -c aes128-gcm@openssh.com,aes128-ctr lorvorc
OpenSSH_6.2, OpenSSL 1.0.1c 10 May 2012
debug1: Reading configuration data /home/naddy/.ssh/config
debug1: /home/naddy/.ssh/config line 34: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to lorvorc [2001:6f8:124a::5] port 22.
debug1: Connection established.
debug1: identity file /home/naddy/.ssh/id_rsa type -1
debug1: identity file /home/naddy/.ssh/id_rsa-cert type -1
debug1: identity file /home/naddy/.ssh/id_dsa type -1
debug1: identity file /home/naddy/.ssh/id_dsa-cert type -1
debug1: identity file /home/naddy/.ssh/id_ecdsa type -1
debug1: identity file /home/naddy/.ssh/id_ecdsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2_hpn13v11 FreeBSD-20130515
debug1: match: OpenSSH_6.2_hpn13v11 FreeBSD-20130515 pat OpenSSH*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-gcm@openssh.com none
debug1: kex: client->server aes128-gcm@openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
Connection closed by 2001:6f8:124a::5

On the 9-STABLE box, auth.log says:

Jun 9 02:39:49 lorvorc sshd[98792]: fatal: matching cipher is not supported: aes128-gcm@openssh.com [preauth]

sshd should not match a cipher it doesn't actually support!

>How-To-Repeat:
See above.

>Fix:
Index: crypto/openssh/myproposal.h
===================================================================
--- crypto/openssh/myproposal.h (revision 251468)
+++ crypto/openssh/myproposal.h (working copy)
@@ -71,10 +71,16 @@ "ssh-rsa," \ "ssh-dss" +#ifdef OPENSSL_HAVE_EVPGCM +# define AESGCM_CIPHER_MODES \ + "aes128-gcm@openssh.com,aes256-gcm@openssh.com," +#else +# define AESGCM_CIPHER_MODES +#endif #define KEX_DEFAULT_ENCRYPT \ "aes128-ctr,aes192-ctr,aes256-ctr," \ "arcfour256,arcfour128," \ - "aes128-gcm@openssh.com,aes256-gcm@openssh.com," \ + AESGCM_CIPHER_MODES \ "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \ "aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se" #ifdef NONE_CIPHER_ENABLED For FreeBSD 9-STABLE, changing the "Ciphers" description in ssh_config.5 and sshd_config.5 to match might be an additional consideration. >Release-Note: >Audit-Trail: >Unformatted:
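Review bot: the #else branch defines AESGCM_CIPHER_MODES as empty, which is only correct because the trailing comma is carried inside the guarded literal ("aes128-gcm@openssh.com,aes256-gcm@openssh.com,") and KEX_DEFAULT_ENCRYPT relies on adjacent string-literal concatenation around it; add a one-line comment above the #ifdef saying the comma must stay inside the macro, since moving it to the KEX_DEFAULT_ENCRYPT side would leave either a double comma or a missing separator in the advertised name-list on builds without OPENSSL_HAVE_EVPGCM. The hunk also only corrects the compiled-in default; the "Ciphers" descriptions in ssh_config.5 and sshd_config.5, which the submitter notes would need to change to match, should go into the same commit rather than being left as a possible follow-up, so the documented default and the advertised default do not disagree again.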
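The negotiation failure in the report, as an added example in Python that is not code from the PR or from OpenSSH: it implements the RFC 4253 section 7.1 rule sshd applies to the two KEXINIT name-lists (first entry on the client's list that also appears on the server's list), then looks the choice up in a constructed stand-in for the cipher table, so the pre-patch default proposal reproduces the "matching cipher is not supported" outcome while the patched proposal negotiates aes128-ctr. The cipher lists are copied from the PR's myproposal.h; compiled_in_ciphers() and the function names are assumptions for illustration, not OpenSSH's own.

```python
"""SSH2 cipher negotiation (RFC 4253, section 7.1) modelled in Python to show
why an sshd that advertises ciphers its build cannot instantiate dies after
KEXINIT, and how the patched myproposal.h avoids that.

Added example, not code from the PR or from OpenSSH.  The cipher lists are
copied from the PR's KEX_DEFAULT_ENCRYPT; the "compiled-in" cipher set is a
constructed stand-in for OpenSSH's cipher table and is an assumption.
"""

from typing import FrozenSet, List, Optional, Tuple

# Server default proposal from myproposal.h before the patch (from the PR).
KEX_DEFAULT_ENCRYPT_BEFORE = (
    "aes128-ctr,aes192-ctr,aes256-ctr,"
    "arcfour256,arcfour128,"
    "aes128-gcm@openssh.com,aes256-gcm@openssh.com,"
    "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,"
    "aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se"
)

# The string the patch guards with #ifdef OPENSSL_HAVE_EVPGCM; the trailing
# comma lives inside it so that the #else branch can be empty.
AESGCM_CIPHER_MODES = "aes128-gcm@openssh.com,aes256-gcm@openssh.com,"


def default_encrypt_proposal(openssl_have_evpgcm: bool) -> str:
    """Mirror the patched macro: GCM modes are advertised only when built in."""
    gcm = AESGCM_CIPHER_MODES if openssl_have_evpgcm else ""
    return (
        "aes128-ctr,aes192-ctr,aes256-ctr,"
        "arcfour256,arcfour128,"
        + gcm
        + "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,"
        "aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se"
    )


def compiled_in_ciphers(openssl_have_evpgcm: bool) -> FrozenSet[str]:
    """Constructed stand-in for the names cipher_by_name() can resolve.
    Assumption: everything in the default list except the GCM modes is
    always built; the GCM modes exist only with EVP GCM support."""
    names = {
        "aes128-ctr", "aes192-ctr", "aes256-ctr", "arcfour256", "arcfour128",
        "aes128-cbc", "3des-cbc", "blowfish-cbc", "cast128-cbc",
        "aes192-cbc", "aes256-cbc", "arcfour", "rijndael-cbc@lysator.liu.se",
    }
    if openssl_have_evpgcm:
        names.update(AESGCM_CIPHER_MODES.rstrip(",").split(","))
    return frozenset(names)


def choose_enc(client_list: str, server_list: str) -> Optional[str]:
    """RFC 4253 7.1: the chosen algorithm is the first name in the client's
    name-list that also appears in the server's name-list; None if none."""
    server = server_list.split(",")
    for name in client_list.split(","):
        if name in server:
            return name
    return None


def server_negotiate(client_list: str, server_list: str,
                     supported: FrozenSet[str]) -> Tuple[str, Optional[str]]:
    """What the server does after KEXINIT: pick the match, then look it up
    in the cipher table.  A match that cannot be instantiated is the PR's
    'fatal: matching cipher is not supported' case."""
    name = choose_enc(client_list, server_list)
    if name is None:
        return ("no matching cipher found", None)
    if name not in supported:
        return ("fatal: matching cipher is not supported", name)
    return ("ok", name)


def unsupported_in_proposal(proposal: str,
                            supported: FrozenSet[str]) -> List[str]:
    """Startup self-check the PR asks for: every name the server advertises
    must be one it can actually instantiate.  Empty list means consistent."""
    return [n for n in proposal.split(",") if n not in supported]


if __name__ == "__main__":
    client = "aes128-gcm@openssh.com,aes128-ctr"  # the PR's ssh -c argument
    no_gcm = compiled_in_ciphers(openssl_have_evpgcm=False)
    print(server_negotiate(client, KEX_DEFAULT_ENCRYPT_BEFORE, no_gcm))
    print(server_negotiate(client, default_encrypt_proposal(False), no_gcm))
    print(unsupported_in_proposal(KEX_DEFAULT_ENCRYPT_BEFORE, no_gcm))
```

The check in unsupported_in_proposal() is the property the patch restores by construction: with OPENSSL_HAVE_EVPGCM undefined, the advertised list and the instantiable set agree, so the client-preferred GCM entry is never selected and negotiation falls through to aes128-ctr.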