golang / go

The Go programming language
https://go.dev
BSD 3-Clause "New" or "Revised" License

x/crypto: preferredKexAlgos in golang.org/x/crypto/ssh includes SHA1 #59593

Open smlx opened 1 year ago

smlx commented 1 year ago

What version of Go are you using (go version)?

$ go version
go version go1.20.3 linux/amd64

Does this issue reproduce with the latest release?

Yes.

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/home/scott/.cache/go-build"
GOENV="/home/scott/.config/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/home/scott/go/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/home/scott/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
GOVCS=""
GOVERSION="go1.20.3"
GCCGO="gccgo"
GOAMD64="v1"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="0"
GOMOD="/dev/null"
GOWORK=""
CGO_CFLAGS="-O2 -g"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-O2 -g"
CGO_FFLAGS="-O2 -g"
CGO_LDFLAGS="-O2 -g"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -Wl,--no-gc-sections -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build1232564776=/tmp/go-build -gno-record-gcc-switches"

What did you do?

Built an SSH server using x/crypto/ssh, and ran ssh -vvv to connect to it.

What did you expect to see?

I expected the server to present KEX algorithms excluding any using SHA1.

What did you see instead?

debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1

The default algorithms used by the ssh server appear to be configured here: https://github.com/golang/crypto/blob/1faeef9713563c936e077b84e4c3a0f3cac0fbe4/ssh/common.go#L62-L68

Does it make sense to remove kexAlgoDH14SHA1 from the preferred KEX algorithm list? I note that NIST has announced SHA1's retirement, and GitHub discontinued SSH SHA1 support way back in 2018.
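
An added example, not part of the issue or of x/crypto: a small Go audit check that pulls the server's KEX proposal out of `ssh -vvv` output and separates SHA-1 based algorithms from the rest. The function names and the client lines in the sample log are constructed for illustration; the server line is the one quoted in the report above.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Constructed sample of `ssh -vvv` output. The client proposal is made up;
// the server proposal is the line quoted in the issue.
const sampleLog = `debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,diffie-hellman-group14-sha256,ext-info-c
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
`

// ServerKex returns the KEX algorithms listed under the
// "peer server KEXINIT proposal" header, or nil if none is found.
func ServerKex(log string) []string {
	const prefix = "debug2: KEX algorithms:"
	sc := bufio.NewScanner(strings.NewReader(log))
	inPeer := false
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		switch {
		case strings.HasSuffix(line, "KEXINIT proposal"):
			// Track which side's proposal the following lines belong to.
			inPeer = strings.Contains(line, "peer server")
		case inPeer && strings.HasPrefix(line, prefix):
			return strings.Split(strings.TrimSpace(strings.TrimPrefix(line, prefix)), ",")
		}
	}
	return nil
}

// SplitSHA1 partitions algorithm names into those whose hash is SHA-1
// (name ends in "-sha1", ignoring any "@vendor" suffix) and the rest.
func SplitSHA1(algos []string) (keep, sha1 []string) {
	for _, a := range algos {
		name := strings.SplitN(a, "@", 2)[0]
		if strings.HasSuffix(name, "-sha1") {
			sha1 = append(sha1, a)
		} else {
			keep = append(keep, a)
		}
	}
	return keep, sha1
}

func main() {
	keep, sha1 := SplitSHA1(ServerKex(sampleLog))
	fmt.Println("SHA-1 KEX offered by server:", sha1)
	fmt.Println("allow-list without SHA-1:   ", keep)
}
```

The `keep` slice has the shape expected by the `KeyExchanges` field of `ssh.Config` in golang.org/x/crypto/ssh, which overrides the default list when set.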

dr2chase commented 1 year ago

@golang/security