This is an automated email from the ASF dual-hosted git repository.
lgoldstein pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mina-sshd.git
The following commit(s) were added to refs/heads/master by this push:
new e8388c4 [SSHD-1136] Update DH group exchange configuration
documentation to reflect the use of a property to govern fallback mode
e8388c4 is described below
commit e8388c43a1283ee659f3ba8f2b98403ff50f948c
Author: Lyor Goldstein <[email protected]>
AuthorDate: Fri Apr 2 09:20:23 2021 +0300
[SSHD-1136] Update DH group exchange configuration documentation to reflect
the use of a property to govern fallback mode
---
docs/security-providers.md | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/docs/security-providers.md b/docs/security-providers.md
index d285a0a..e8b996d 100644
--- a/docs/security-providers.md
+++ b/docs/security-providers.md
@@ -104,4 +104,6 @@ In any case, the values are auto-detected by the code but
the user can intervene
* The value should be between 2048 and 8192 (not enforced - allows users to
make an **explicit** decision to use shorter keys - especially the minimum).
* The minimum must be less or equal to the maximum (enforced - if reversed
then group exchange is **disabled**)
* If a **negative** value is set in either one then group exchange is
**disabled**
-* Setting a value of zero indicates a **lazy** auto-detection of the supported
range the next time these values are needed.
\ No newline at end of file
+* Setting a value of zero indicates a **lazy** auto-detection of the supported
range the next time these values are needed.
+
+Furthermore, if all possible primes have been exhausted the code no longer
falls back to DH group exchange using SHA-1 unless the
`ALLOW_DHG1_KEX_FALLBACK` core module property is set.
\ No newline at end of file
