https://bugzilla.mindrot.org/show_bug.cgi?id=3839
--- Comment #3 from Damien Miller <[email protected]> ---

They are not violating RFC4253 because they are different binary packet protocol specifications that implement their own different rules. The RFC4253 rules only apply to the original SSH ciphers and MACs.

I don't think there's a general rule that fits every situation. Implementations that use *[email protected] MAC algorithms are another transport case you need to consider. IIRC they are somewhere between AES-GCM and chachapoly - they send the length in cleartext like AES-GCM but apply the cipher blocksize only to the padlen+payload+padding.

So four possible cases:

1. *cbc/*ctr ciphers with original RFC4253 MACs (or umac*@openssh.com)
2. *cbc/*ctr ciphers with *[email protected] MACs (or umac*@openssh.com)
3. aes*[email protected]
4. [email protected]
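The four cases in the comment above, worked through as an added example (not part of the original comment and not OpenSSH's code): it computes the padding a sender would add and the alignment check a receiver or protocol parser would apply to a decoded `packet_length`. The algorithm-name matching and the simplified block-size table are assumptions of this sketch.

```python
# Added example: SSH binary packet padding for the four transport cases.
MIN_PAD = 4  # RFC 4253 section 6: at least four bytes of padding


def transport_case(cipher: str, mac: str) -> int:
    """Map negotiated algorithm names to case 1-4 from the comment."""
    if cipher == "chacha20-poly1305@openssh.com":
        return 4
    if cipher.endswith("-gcm@openssh.com"):
        return 3
    if mac.endswith("-etm@openssh.com"):
        return 2
    return 1  # *cbc/*ctr with an original (encrypt-and-MAC) MAC


def block_size(cipher: str) -> int:
    # Assumption: only AES (16), 3DES (8) and chacha20-poly1305 (8) are modelled.
    return 8 if cipher.startswith(("3des", "chacha20")) else 16


def aligned_prefix(cipher: str, mac: str) -> int:
    """Bytes of the length field that count toward block alignment."""
    # Case 1 encrypts packet_length together with the rest, so its 4 bytes
    # are aligned too. Cases 2-4 handle the length outside the padded body.
    return 4 if transport_case(cipher, mac) == 1 else 0


def padding_length(payload_len: int, cipher: str, mac: str) -> int:
    bs = max(8, block_size(cipher))
    body = aligned_prefix(cipher, mac) + 1 + payload_len  # +1 for padlen byte
    pad = bs - (body % bs)
    return pad + bs if pad < MIN_PAD else pad


def packet_length_ok(packet_length: int, cipher: str, mac: str) -> bool:
    """Receiver-side check of a decoded packet_length field."""
    bs = max(8, block_size(cipher))
    return (aligned_prefix(cipher, mac) + packet_length) % bs == 0
```

For the same 20-byte payload, case 1 with AES pads 7 bytes while cases 2 to 4 pad 11, so a parser that applies the RFC4253 alignment rule to every transport will reject valid packets from the other three.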
