From: dtucker Date: Tue, 20 Aug 2024 09:02:45 +0000 (+0000) Subject: Set a default RekeyLimit of 256k. Used unless overridden by a X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=9cd75f59b05f1c9cc036eb57da1dff2951ceea58;p=openbsd Set a default RekeyLimit of 256k. Used unless overridden by a command-line flag, which simplifies some of the ssh command lines. --- diff --git a/regress/usr.bin/ssh/rekey.sh b/regress/usr.bin/ssh/rekey.sh index f1ed4c56984..24c5a380d4b 100644 --- a/regress/usr.bin/ssh/rekey.sh +++ b/regress/usr.bin/ssh/rekey.sh @@ -1,4 +1,4 @@ -# $OpenBSD: rekey.sh,v 1.23 2024/08/20 07:52:43 dtucker Exp $ +# $OpenBSD: rekey.sh,v 1.24 2024/08/20 09:02:45 dtucker Exp $ # Placed in the Public Domain. tid="rekey" @@ -9,6 +9,7 @@ rm -f ${LOG} cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak echo "Compression no" >> $OBJ/ssh_proxy +echo "RekeyLimit 256k" >> $OBJ/ssh_proxy # Test rekeying based on data volume only. # Arguments will be passed to ssh. @@ -57,7 +58,7 @@ done for opt in $opts; do verbose "client rekey $opt" - ssh_data_rekeying "$opt" -oRekeyLimit=256k + ssh_data_rekeying "$opt" done # AEAD ciphers are magical so test with all KexAlgorithms @@ -65,7 +66,7 @@ if ${SSH} -Q cipher-auth | grep '^.*$' >/dev/null 2>&1 ; then for c in `${SSH} -Q cipher-auth`; do for kex in `${SSH} -Q kex`; do verbose "client rekey $c $kex" - ssh_data_rekeying "KexAlgorithms=$kex" -oRekeyLimit=256k -oCiphers=$c + ssh_data_rekeying "KexAlgorithms=$kex" -oCiphers=$c done done fi