From 3f8f0645c28700f4cb71c4f2e5678a0bb995a16d Mon Sep 17 00:00:00 2001 From: Nicola Murino Date: Sat, 1 Jul 2023 20:00:24 +0200 Subject: [PATCH] ssh: prefer sha256 based RSA key algorithms sha256 is more optimized than sha512 in Go and is secure enough so prefer sha256 over sha512. Change-Id: I3fcf7457791e3ef4539e97049aa905dcd293499d Reviewed-on: https://go-review.googlesource.com/c/crypto/+/507556 Reviewed-by: Filippo Valsorda Reviewed-by: Cherry Mui Run-TryBot: Filippo Valsorda Auto-Submit: Filippo Valsorda TryBot-Result: Gopher Robot Reviewed-by: Roland Shoemaker --- ssh/common.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ssh/common.go b/ssh/common.go index 5ce452bae8..44f71de3e1 100644 --- a/ssh/common.go +++ b/ssh/common.go @@ -70,12 +70,12 @@ var preferredKexAlgos = []string{ // supportedHostKeyAlgos specifies the supported host-key algorithms (i.e. methods // of authenticating servers) in preference order. var supportedHostKeyAlgos = []string{ - CertAlgoRSASHA512v01, CertAlgoRSASHA256v01, + CertAlgoRSASHA256v01, CertAlgoRSASHA512v01, CertAlgoRSAv01, CertAlgoDSAv01, CertAlgoECDSA256v01, CertAlgoECDSA384v01, CertAlgoECDSA521v01, CertAlgoED25519v01, KeyAlgoECDSA256, KeyAlgoECDSA384, KeyAlgoECDSA521, - KeyAlgoRSASHA512, KeyAlgoRSASHA256, + KeyAlgoRSASHA256, KeyAlgoRSASHA512, KeyAlgoRSA, KeyAlgoDSA, KeyAlgoED25519,