This is an automated email from the ASF dual-hosted git repository. twolf pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/mina-sshd.git
commit 69102099c963f4214989b0049322875c9abeeac0
Author: Thomas Wolf <tw...@apache.org>
AuthorDate: Sun Feb 16 19:29:23 2025 +0100
KEX: by default abort on invalid certificates Switch the default of CoreModuleProperties.ABORT_ON_INVALID_CERTIFICATE from false to true. Unless we get tons of bug reports due to this I plan to deprecate and remove this setting altogether. IMO an SSH client should *never* accept connections if a certificate key exchange is used and the certificate the server sent is invalid. (Expired, wrongly signed, not listing the host name or IP in the principals, or whatever.)
---
CHANGES.md | 3 +++
sshd-core/src/main/java/org/apache/sshd/core/CoreModuleProperties.java | 2 +-
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/CHANGES.md b/CHANGES.md
index f163fdeaf..323116c15 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -37,5 +37,8 @@ ## Potential Compatibility Issues
+Client-side KEX: we've changed the default of the setting `CoreModuleProperties.ABORT_ON_INVALID_CERTIFICATE` from `false` to `true`.
+A client will newly abort an SSH connection if the server presents an invalid OpenSSH host certificate as host key.
+
 ## Major Code Re-factoring
diff --git a/sshd-core/src/main/java/org/apache/sshd/core/CoreModuleProperties.java b/sshd-core/src/main/java/org/apache/sshd/core/CoreModuleProperties.java
index d130648d5..2bec5c3a3 100644
--- a/sshd-core/src/main/java/org/apache/sshd/core/CoreModuleProperties.java
+++ b/sshd-core/src/main/java/org/apache/sshd/core/CoreModuleProperties.java
@@ -190,7 +190,7 @@ public final class CoreModuleProperties {
 * Defines if we should abort in case we encounter an invalid (e.g. expired) openssh certificate.
 */
 public static final Property<Boolean> ABORT_ON_INVALID_CERTIFICATE
- = Property.bool("abort-on-invalid-certificate", false);
+ = Property.bool("abort-on-invalid-certificate", true);
 /**
 * As per RFC-4256:
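Review bot: The Javadoc above ABORT_ON_INVALID_CERTIFICATE in the CoreModuleProperties.java hunk is left as it was and still does not state the default, which side of the connection it applies to, or what turning it off means now that the property is security-relevant by default. I would extend the comment with `* Default: {@code true}: the client aborts the connection when the server's OpenSSH host certificate fails validation (e.g. expired, wrongly signed, or not listing the host in its principals).` and `* Setting this to {@code false} accepts such host keys anyway and should be reserved for debugging.`, with the validation examples taken from the commit message rather than from anything the hunk itself shows. The commit message also says the setting is slated for deprecation; if that intent is firm, a `@deprecated` tag pointing at the planned behaviour would warn integrators earlier than a later removal. The Javadoc opening `/**` and the rest of the class lie outside the hunk.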