Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge remote-tracking branch 'origin/topic/timw/3382-update-ssh-key-exchanges'

Browse source 
* origin/topic/timw/3382-update-ssh-key-exchanges:
  Add new SSH key exchange algorithms reported by OpenSSH 9.0
This commit is contained in:
Tim Wojtulewicz 2023-10-18 12:05:24 -07:00
commit fc62bb477c
3 changed files with 17 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
CHANGES
View file

@ -1,3 +1,7 @@
6.2.0-dev.13 | 2023-10-18 12:05:24 -0700
* Add new SSH key exchange algorithms reported by OpenSSH 9.0 (Tim Wojtulewicz, Corelight)
6.2.0-dev.11 | 2023-10-17 19:33:47 +0200 6.2.0-dev.11 | 2023-10-17 19:33:47 +0200
* gre-over-udp: Update testing pcap with both endpoints (Arne Welzel, Corelight) * gre-over-udp: Update testing pcap with both endpoints (Arne Welzel, Corelight)

2
VERSION
View file

@ -1 +1 @@
6.2.0-dev.11 6.2.0-dev.13

13
src/analyzer/protocol/ssh/ssh-protocol.pac
View file

@ -475,6 +475,15 @@ refine connection SSH_Conn += {
// UNTESTED // UNTESTED
if ( update_kex_state_if_equal("diffie-hellman-group14-sha1", KEX_DH) ) if ( update_kex_state_if_equal("diffie-hellman-group14-sha1", KEX_DH) )
return true; return true;
// UNTESTED
if ( update_kex_state_if_equal("diffie-hellman-group14-sha256", KEX_DH) )
return true;
// UNTESTED
if ( update_kex_state_if_equal("diffie-hellman-group16-sha512", KEX_DH) )
return true;
// UNTESTED
if ( update_kex_state_if_equal("diffie-hellman-group16-sha512", KEX_DH) )
return true;
if ( update_kex_state_if_equal("diffie-hellman-group-exchange-sha1", KEX_DH_GEX) ) if ( update_kex_state_if_equal("diffie-hellman-group-exchange-sha1", KEX_DH_GEX) )
return true; return true;
@ -496,7 +505,9 @@ refine connection SSH_Conn += {
return true; return true;
if ( update_kex_state_if_startswith("curve25519-sha256", KEX_ECC) ) if ( update_kex_state_if_startswith("curve25519-sha256", KEX_ECC) )
return true; return true;
// UNTESTED
if ( update_kex_state_if_startswith("sntrup761x25519-sha512", KEX_ECC) )
return true;
zeek_analyzer()->Weird("ssh_unknown_kex_algorithm", c_str(kex_algorithm_)); zeek_analyzer()->Weird("ssh_unknown_kex_algorithm", c_str(kex_algorithm_));
return true; return true;