Chilkat v9.5.0.97 Mitigates Vulnerability to the SSH Terrapin Attack

Chilkat v9.5.0.97 mitigates the Terrapin attack by changing which SSH algorithms are selected by default:

  1. chacha20-poly1305@openssh.com is no longer included by default. It can be re-added by specifying “+chacha20-poly1305@openssh.com” in the UncommonOptions property.
  2. The “-cbc” encryption modes are kept, because eliminating them could affect too many servers. However, the “-etm” MAC algorithms are no longer included by default. These are:
    • hmac-sha1-etm@openssh.com
    • hmac-sha2-256-etm@openssh.com
    • hmac-sha2-512-etm@openssh.com

    The -etm MAC algorithms can be re-added by specifying “+ssh-hmac-etm” in UncommonOptions.

For more information about the Terrapin attack, see https://terrapin-attack.com/

Chilkat (with the above modifications) has been tested using the vulnerability scanner found at https://github.com/RUB-NDS/Terrapin-Scanner/releases/tag/v1.1.0
