mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-11-24 07:53:19 +00:00
nixos/openssh: Add sntrup761x25519-sha512 kexAlgo
Introduced in OpenSSH 9.0 it became part of the default kexAlgorithm selection, visible in sshd_config(5).
It is also enabled by default in the OpenSSH client, as can be seen from
$ ssh -Q KexAlgorithms

Also clarifies that we use the referenced documents as the lower bound, given that they haven't been updated for 5-7y.
parent
5d589feb6e
commit
fa7ce6bc7f
@ -293,6 +293,7 @@ in
|
||||
kexAlgorithms = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [
|
||||
"sntrup761x25519-sha512@openssh.com"
|
||||
"curve25519-sha256"
|
||||
"curve25519-sha256@libssh.org"
|
||||
"diffie-hellman-group-exchange-sha256"
|
||||
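Review bot: the new first entry of `default`, "sntrup761x25519-sha512@openssh.com", has no inline comment saying why it is listed or which OpenSSH release it needs. The commit message gives 9.0 as the version that introduced it, so a one-line comment next to the entry stating that, plus a check that the openssh package this module builds against is at least that version, would help anyone who overrides the package or later audits this list.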
@ -301,7 +302,7 @@ in
|
||||
Allowed key exchange algorithms
|
||||
</para>
|
||||
<para>
|
||||
Defaults to recommended settings from both
|
||||
Uses the lower bound recommended in both
|
||||
<link xlink:href="https://stribika.github.io/2015/01/04/secure-secure-shell.html" />
|
||||
and
|
||||
<link xlink:href="https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67" />
|
||||
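Review bot: the reworded description line "Uses the lower bound recommended in both" is ambiguous, because a reader cannot tell from it whether the default is a subset of the two linked lists or those lists plus extra entries. The commit message says the intent is that the documents are a minimum and that the default now adds an algorithm on top of them, so the description should say that directly and name the added entry with its source, sshd_config(5), since neither link is described as covering it.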