sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-10-03 00:00:24 -04:00
Code Issues Projects Releases Wiki Activity

testing: Configure curve25519-sha256 as key exchange for SSH

Browse Source 
With Debian bookworm, the PQC KE sntrup761x25519-sha512 is negotiated, by
default.  This increases the overhead significantly, in particular, the
size of the KE message, which wouldn't get through IPsec tunnels without
MSS clamping.
This commit is contained in:
Tobias Brunner 2023-06-26 14:20:14 +02:00
parent 0e621f60f8
commit ab13c1c808
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
testing/hosts/default/etc/ssh/sshd_config
View File

@ -1,6 +1,7 @@
Port 22
Protocol 2
Ciphers aes128-gcm@openssh.com
KexAlgorithms curve25519-sha256
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
PermitRootLogin yes