E-mail from Ben Cooksley on Monday, 15 December 2025, 18:50:
> On Tue, Dec 16, 2025 at 2:35 AM Tobias Leupold <[email protected]> wrote:
>
> > E-mail from Sune Vuorela on Monday, 15 December 2025, 13:55:
> > > On 2025-12-15, Tobias Leupold <[email protected]> wrote:
> > > > as of recently, I get the following warning when communicating with
> > > > invent.kde.org:
> > > >
> > > > $ git pull
> > > > ** WARNING: connection is not using a post-quantum key exchange algorithm.
> > > > ** This session may be vulnerable to "store now, decrypt later" attacks.
> > > > ** The server may need to be upgraded. See https://openssh.com/pq.html
> > > >
> > > > Should we do something about this?
> > >
> > > We should probably at some point, but luckily we don't really do secret
> > > things on invent.
> >
> > Well, that's the "I have nothing to hide" attitude that makes people use
> > WhatsApp ...
> >
> > > Also, https://kawaiicon.org/talks/quantum-cryptanalysis/ and
> > > http://www.cs.auckland.ac.nz/~pgut001/pubs/bollocks.pdf
> >
> > A critical reader might consider this a rant ;-)
> >
> > > /Sune
> >
> > No hard feelings, I just thought the OpenSSH guys probably know what
> > they're talking about. Also, I don't get such a warning when connecting
> > to the other servers I use, so I simply wondered what's up here and why.
> >
>
> We had some older "secure at the time" recommendations deployed on
> invent.kde.org that came from Mozilla, which resulted in some algorithms
> being enabled that don't meet those standards.
> While still well within distribution support, Invent is a little older and
> doesn't support the very latest ciphers, etc - but I've modernised it as
> best as possible based on feedback from ssh-audit now.

Wow, that was fast :-) Now, the warning is gone. I suppose this at least won't
hurt. Thanks for the quick reaction!

> Proper fix will need to wait for it to migrate to a newer system which
> should take place in the next few months.
>
> Thanks,
> Ben
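
Added example, not part of the original thread and not KDE's or OpenSSH's code: the warning quoted above is about which key exchange gets negotiated, so this Python sketch reads the kex_algorithms name-list from a server's SSH_MSG_KEXINIT payload (RFC 4253, section 7.1) and reports whether a client would end up on a hybrid post-quantum algorithm. The sample offers are constructed, and the function names and the simplified first-match negotiation are assumptions of this example.

```python
import struct

# Hybrid post-quantum key exchange names shipped by OpenSSH.
PQ_KEX = {"mlkem768x25519-sha256", "sntrup761x25519-sha512",
          "sntrup761x25519-sha512@openssh.com"}
SSH_MSG_KEXINIT = 20


def parse_kex_algorithms(payload):
    """Return the kex_algorithms name-list of an SSH_MSG_KEXINIT payload."""
    if len(payload) < 21 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    offset = 1 + 16  # message type byte + 16-byte cookie
    (length,) = struct.unpack_from(">I", payload, offset)
    offset += 4
    if offset + length > len(payload):
        raise ValueError("truncated name-list")
    names = payload[offset:offset + length].decode("ascii")
    return names.split(",") if names else []


def negotiated_kex(server_kex, client_kex):
    """Simplified RFC 4253 rule: first client preference the server also offers."""
    for name in client_kex:
        if name in server_kex:
            return name, name in PQ_KEX  # (algorithm, is post-quantum)
    return None, False


def build_kexinit(kex):
    """Build a constructed KEXINIT payload; the other nine name-lists stay empty."""
    def name_list(items):
        data = ",".join(items).encode("ascii")
        return struct.pack(">I", len(data)) + data
    body = bytes([SSH_MSG_KEXINIT]) + bytes(16) + name_list(kex)
    body += b"".join(name_list([]) for _ in range(9))
    return body + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved


# Constructed sample offers for illustration, not captured from invent.kde.org.
CLIENT = ["mlkem768x25519-sha256", "sntrup761x25519-sha512@openssh.com", "curve25519-sha256"]
CLASSICAL_ONLY = build_kexinit(["curve25519-sha256", "diffie-hellman-group16-sha512"])
WITH_HYBRID = build_kexinit(["sntrup761x25519-sha512@openssh.com", "curve25519-sha256"])

if __name__ == "__main__":
    for label, pkt in (("classical only", CLASSICAL_ONLY), ("with hybrid", WITH_HYBRID)):
        print(label, negotiated_kex(parse_kex_algorithms(pkt), CLIENT))
```

Against a live host, the same answer appears in the "kex: algorithm:" line of `ssh -v` debug output.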
