encryption_algorithms_server_to_client for libssh2 #1323

laogaolao · 2024-02-28T02:15:20Z

laogaolao
Feb 28, 2024

I am using libcurl based on libssh2, and in libcurl I called the libssh2_session_method_pref to set the crypto, mac and othere security parameter like:

if(libssh2_session_method_pref(sshc->ssh_session, LIBSSH2_METHOD_HOSTKEY, hostAlgo))
{
    failf(data, "Failure libssh2_session_method_pref");
    return CURLE_FAILED_INIT;
}

if(libssh2_session_method_pref(sshc->ssh_session, LIBSSH2_METHOD_MAC_CS, mac))
{
    failf(data, "Failure libssh2_session_method_pref");

    return CURLE_FAILED_INIT;
}

if(libssh2_session_method_pref(sshc->ssh_session, LIBSSH2_METHOD_CRYPT_CS, cipher))
{
    failf(data, "Failure libssh2_session_method_pref");

    return CURLE_FAILED_INIT;
}

if(libssh2_session_method_pref(sshc->ssh_session, LIBSSH2_METHOD_KEX, kexAlg))
{
    failf(data, "Failure libssh2_session_method_pref");
    return CURLE_FAILED_INIT;
}

But when we using tcpdump to capture the package during the sftp connect, the encryption_algorithms_server_to_client show some unexpected algorithm in the Client key exchange Init.
aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,[email protected],aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc
The encryption_algorithms_client_to_server seems correct: aes128-cbc,aes256-cbc,aes128-ctr,aes256-ctr

I just set the 'aes128-ctr,aes192-ctr,aes256-ctr,aes256-cb' when I called the libssh2_session_method_pref(sshc->ssh_session, LIBSSH2_METHOD_CRYPT_CS, cipher).

So How can I remove the '[email protected],aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc' for the libssh2 in the encryption_algorithms_server_to_client? Thanks.

Answered by willco007

Feb 28, 2024

You need to set the server client pref with this key LIBSSH2_METHOD_CRYPT_SC.

View full answer

willco007 · 2024-02-28T18:57:02Z

willco007
Feb 28, 2024
Maintainer

You need to set the server client pref with this key LIBSSH2_METHOD_CRYPT_SC.

3 replies

laogaolao Feb 29, 2024
Author

hi,
Sorry, what does it mean of 'server client pref', could you give more detailed info? Is there other function should be used? Thanks.

willco007 Feb 29, 2024
Maintainer

Just like what you are doing in your above sample code, but with the "Server Client" preference keys such as LIBSSH2_METHOD_CRYPT_SC as well as the Client Server keys.

laogaolao Mar 1, 2024
Author

Oh, got it, thanks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

encryption_algorithms_server_to_client for libssh2 #1323

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Replies: 1 comment 3 replies

{{title}}

{{title}}

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

Select a reply

encryption_algorithms_server_to_client for libssh2 #1323

laogaolao Feb 28, 2024

Replies: 1 comment · 3 replies

willco007 Feb 28, 2024 Maintainer

laogaolao Feb 29, 2024 Author

willco007 Feb 29, 2024 Maintainer

laogaolao Mar 1, 2024 Author

laogaolao
Feb 28, 2024

Replies: 1 comment 3 replies

willco007
Feb 28, 2024
Maintainer

laogaolao Feb 29, 2024
Author

willco007 Feb 29, 2024
Maintainer

laogaolao Mar 1, 2024
Author