Hello,
I am trying to write a crypto policy modifier to disable some kex
algorithms in OpenSSH (not the one in the example, but the issue is the
same).
Reading /usr/share/crypto-policies/python/policygenerators/openssh.py,
I find mappings like 'ECDHE-SECP521R1-SHA2-512': 'ecdh-sha2-nistp521',
so I tried to write in a pmod: key_exchange = -ECDHE-SECP521R1-SHA2-512
When I try to load it with update-crypto-policies, it fails stating "Bad
value of policy property `key_exchange`: `ECDHE-SECP521R1-SHA2-512`",
and in fact if I check
/usr/share/crypto-policies/python/cryptopolicies/alg_lists.py,
ECDHE-SECP521R1-SHA2-512 is not defined there.
So, how can I disable in OpenSSH kex/algorithms/etc that are defined in
/usr/share/crypto-policies/python/policygenerators/openssh.py but not
in /usr/share/crypto-policies/python/cryptopolicies/alg_lists.py?
Best regards
Francesco Di Nucci