Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Diego-ssh] Remove chacha20 cipher support from diego-ssh #982

Open
DimitarSch opened this issue Jan 7, 2025 · 0 comments
Open

[Diego-ssh] Remove chacha20 cipher support from diego-ssh #982

DimitarSch opened this issue Jan 7, 2025 · 0 comments
Labels
enhancement

Comments

@DimitarSch
Copy link

DimitarSch commented Jan 7, 2025
edited
Loading

Proposed Change

Summary

Remove chacha20 cipher from Diego-ssh ( more specifically cmd/ssh-proxy/main.go and files ) in accordance to SAP security standards in order to prevent vulnerabilities related to terapin attacks. The main reason being chacha20poly1305 is considered weak against such attacks

Related BLI: https://jira.tools.sap/browse/CFAR-1064

Acceptance criteria

Cypher references are to be removed from:

  • diego-ssh/cmd/ssh-proxy/main.go
  • diego-ssh/cmd/sshd/main.go
  • fix tests

This will prevent future cypher usage.

Related links

Related BLI: https://jira.tools.sap/browse/CFAR-1064

Related git repo: https://github.com/cloudfoundry/diego-ssh

Related PR in diego-ssh: cloudfoundry/diego-ssh#62
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
Application Runtime Platform Working Group
Status: Inbox
Milestone
No milestone
Development

No branches or pull requests
1 participant
@DimitarSch