Hello,

I am trying to write a crypto policy modifier to disable some kex algorithms in OpenSSH (not the one in the example, but the issue is the same).

Reading /usr/share/crypto-policies/python/policygenerators/openssh.py, I find mappings like 'ECDHE-SECP521R1-SHA2-512': 'ecdh-sha2-nistp521', so I tried to write in a pmod:

key_exchange = -ECDHE-SECP521R1-SHA2-512

When I try to load it with update-crypto-policies, it fails stating "Bad value of policy property `key_exchange`: `ECDHE-SECP521R1-SHA2-512`", and in fact if I check /usr/share/crypto-policies/python/cryptopolicies/alg_lists.py, ECDHE-SECP521R1-SHA2-512 is not defined there.

So, how can I disable in OpenSSH kex/algorithms/etc that are defined in /usr/share/crypto-policies/python/policygenerators/openssh.py but not in /usr/share/crypto-policies/python/cryptopolicies/alg_lists.py?

Best regards
Francesco Di Nucci