f60de7c2da
- SSH scanning via ssh-audit (KEX, encryption, MAC, host keys) - BSI TR-02102-4 and IANA compliance validation for SSH - CSV/Markdown/reST reports for SSH results - Unified compliance schema and database views - Code optimization: modular query/writer architecture
83 lines
2.3 KiB
XML
83 lines
2.3 KiB
XML
<?xml version='1.0' encoding='UTF-8' ?>
|
|
<registry xmlns="http://www.iana.org/assignments" id="ssh-parameters">
|
|
<title>Secure Shell (SSH) Protocol Parameters</title>
|
|
<created>2005-06-02</created>
|
|
<updated>2025-01-21</updated>
|
|
|
|
<registry id="ssh-parameters-16">
|
|
<title>Key Exchange Method Names</title>
|
|
<record>
|
|
<value>curve25519-sha256</value>
|
|
<xref type="rfc" data="rfc8731" />
|
|
<implement>SHOULD</implement>
|
|
</record>
|
|
<record>
|
|
<value>diffie-hellman-group14-sha256</value>
|
|
<xref type="rfc" data="rfc8268" />
|
|
<implement>SHOULD</implement>
|
|
</record>
|
|
<record>
|
|
<value>diffie-hellman-group1-sha1</value>
|
|
<xref type="rfc" data="rfc4253" />
|
|
<implement>MUST NOT</implement>
|
|
</record>
|
|
</registry>
|
|
|
|
<registry id="ssh-parameters-17">
|
|
<title>Encryption Algorithm Names</title>
|
|
<record>
|
|
<value>chacha20-poly1305@openssh.com</value>
|
|
<xref type="text">OpenSSH</xref>
|
|
<implement>SHOULD</implement>
|
|
</record>
|
|
<record>
|
|
<value>aes128-ctr</value>
|
|
<xref type="rfc" data="rfc4344" />
|
|
<implement>SHOULD</implement>
|
|
</record>
|
|
<record>
|
|
<value>aes256-ctr</value>
|
|
<xref type="rfc" data="rfc4344" />
|
|
<implement>SHOULD</implement>
|
|
</record>
|
|
<record>
|
|
<value>3des-cbc</value>
|
|
<xref type="rfc" data="rfc4253" />
|
|
<implement>MUST NOT</implement>
|
|
</record>
|
|
</registry>
|
|
|
|
<registry id="ssh-parameters-18">
|
|
<title>MAC Algorithm Names</title>
|
|
<record>
|
|
<value>hmac-sha2-256</value>
|
|
<xref type="rfc" data="rfc6668" />
|
|
<implement>SHOULD</implement>
|
|
</record>
|
|
<record>
|
|
<value>hmac-sha2-512</value>
|
|
<xref type="rfc" data="rfc6668" />
|
|
<implement>SHOULD</implement>
|
|
</record>
|
|
<record>
|
|
<value>hmac-sha1</value>
|
|
<xref type="rfc" data="rfc4253" />
|
|
<implement>SHOULD NOT</implement>
|
|
</record>
|
|
</registry>
|
|
|
|
<registry id="ssh-parameters-20">
|
|
<title>Compression Algorithm Names</title>
|
|
<record>
|
|
<value>none</value>
|
|
<xref type="rfc" data="rfc4253" />
|
|
<implement>MUST</implement>
|
|
</record>
|
|
<record>
|
|
<value>zlib</value>
|
|
<xref type="rfc" data="rfc4253" />
|
|
<implement>MAY</implement>
|
|
</record>
|
|
</registry>
|
|
</registry>
|