Overview
Request 1083858 accepted
- Update to version 2.9.0
* Dropped support for Python 3.6
* Updated CVE database.
* Added -g and --gex-test for granular GEX modulus size tests.
* JSON 'target' field now always includes port number.
* JSON output now includes recommendations and CVE data.
* Mixed host key/CA key types (i.e.: RSA host keys signed with
ED25519 CAs, etc.) are now properly handled.
* Warnings are now printed for 2048-bit moduli.
* SHA-1 algorithms now cause failures.
* CBC mode ciphers are now warnings instead of failures.
* Generic failure/warning messages replaced with more specific
reasons (i.e.:'using weak cipher' => 'using broken RC4 cipher')
* Updated built-in policies to include missing host key size
information.
* Added built-in policies for OpenSSH 8.8, 8.9, 9.0, 9.1, 9.2,
and 9.3.
* Added 33 new host keys.
* Added 46 new key exchanges.
* Added 28 new ciphers.
* Added 5 new MACs.
Request History
mnhauke created request
- Update to version 2.9.0
* Dropped support for Python 3.6
* Updated CVE database.
* Added -g and --gex-test for granular GEX modulus size tests.
* JSON 'target' field now always includes port number.
* JSON output now includes recommendations and CVE data.
* Mixed host key/CA key types (i.e.: RSA host keys signed with
ED25519 CAs, etc.) are now properly handled.
* Warnings are now printed for 2048-bit moduli.
* SHA-1 algorithms now cause failures.
* CBC mode ciphers are now warnings instead of failures.
* Generic failure/warning messages replaced with more specific
reasons (i.e.:'using weak cipher' => 'using broken RC4 cipher')
* Updated built-in policies to include missing host key size
information.
* Added built-in policies for OpenSSH 8.8, 8.9, 9.0, 9.1, 9.2,
and 9.3.
* Added 33 new host keys.
* Added 46 new key exchanges.
* Added 28 new ciphers.
* Added 5 new MACs.
wfrisch accepted request
OK (tarball verified)