Hi.

I think it would be a nice feature if ssh/libssh allow to specify the minimum and maximum accepted group size for DH GEX.

Currently the limits are hardcoded between 1024 - 8912, but this may not be enough for the security margins expected by client users or server operators.

A server operator can apparently easy protect against too small groups, by simply disabling the respective algos (diffie-hellman-group1-sha1 and diffie-hellman-group14-sha1) respectively removing all those entries from /etc/ssh/moduli, which are considered to be too small.
Well not exactly since there is bug #2302.

But a client has currently no way to restrict the servers choice (unless by recomiling with new hardcoded defaults).
Of course on cannot protect this way against evil servers, but it's a good way against those which are just weakly configured without malicious intent.


I think it's also worth to allow changing the maximum size,... cause the RFC seems to only suggest a maximum of 8192, but doesn't forbid any higher.

But people should probably not be allowed to manually set something smaller than the current 1024.

If the server doesn't accept the client's choice or cannot serve it, the connection should be aborted and no fallback be made as in #2302.


Cheers,
Chris.