Date: Wed, 9 Apr 2025 13:34:22 -0400 From: Ed Maste <emaste@freebsd.org> To: Christian Weisgerber <naddy@mips.inka.de> Cc: freebsd-security@freebsd.org Subject: Re: Heads-up: DSA key support being removed from OpenSSH Message-ID: <CAPyFy2CYfLUH2RcjyD=1R2yDZ%2BjrrM%2BkTd%2BCG4Oe=wf-gqgMWA@mail.gmail.com> In-Reply-To: <Z-yHP60GXxdI-gbi@lorvorc.mips.inka.de> References: <CAPyFy2Dk0VoqLPSHxTLzBCWT_ouqU_kj4QNhN17VybMinbr6bA@mail.gmail.com> <76933d66-eff5-4d43-a7a6-98a153e71d77@rlwinm.de> <Z9tIOBjs2DgvBhy7@lorvorc.mips.inka.de> <Z-yHP60GXxdI-gbi@lorvorc.mips.inka.de>
index | next in thread | previous in thread | raw e-mail
On Tue, 1 Apr 2025 at 20:40, Christian Weisgerber <naddy@mips.inka.de> wrote: > > Christian Weisgerber: > > > If OpenSSH upstream stick to the published schedule, version 9.9 > > that is now in 13-STABLE/14-STABLE/15-CURRENT will be the _final_ > > release that even includes the DSA code. > > Subject: Call for testing: OpenSSH 10.0 > [...] > Potentially-incompatible changes > -------------------------------- > > * This release removes support for the weak DSA signature > algorithm, completing the deprecation process that began in > 2015 (when DSA was disabled by default) and repeatedly warned > over the the last 12 months. > [...] > > https://lists.mindrot.org/pipermail/openssh-unix-dev/2025-April/041855.html I'm preparing to import OpenSSH 10.0 into the FreeBSD base system, and intend to merge the DSA removal separately in advance. Two reviews are open for this: - https://reviews.freebsd.org/D49739 - https://reviews.freebsd.org/D49740 (rc.d/sshd update from jlduran)home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAPyFy2CYfLUH2RcjyD=1R2yDZ%2BjrrM%2BkTd%2BCG4Oe=wf-gqgMWA>