curl / Mailing Lists / curl-users / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

RE: First version of curl to enable SHA256 for sftp

From: Werner L. Stolz via curl-users <curl-users_at_lists.haxx.se>
Date: Fri, 2 Sep 2022 13:43:26 +0000

That is an interesting point that I admit that I had not considered.

We are currently constrained from upgrading to a newer version of OpenSSH due to some badly-designed code that an ex-associate put into
place that I am in the process of remediating.

This seems to indicate that I we can accelerate the remediation process, we can then simply put in a newer version of OpenSSH and have
the problem go away without touching our curl application.

Thanks.

Werner Stolz
InvestCloud, Inc.
LOS ANGELES - NEW YORK - LONDON - GENEVA - SINGAPORE - SYDNEY - ZURICH - VENICE - LUXEMBOURG - HONG KONG - TOKYO - BENGALURU - TORONTO - SAN FRANCISCO - TAMPA - CARLSBAD - NEW JERSEY
mobile: +1 331-238-3870 | office: +1 848-305-7158 | investcloud.com

-----Original Message-----
From: Jeffrey Walton <noloader_at_gmail.com>
Sent: Thursday, September 1, 2022 7:40 PM
To: curl-users - the curl tool <curl-users_at_lists.haxx.se>
Cc: Werner L. Stolz <wstolz_at_investcloud.com>
Subject: Re: First version of curl to enable SHA256 for sftp

On Thu, Sep 1, 2022 at 6:53 PM Werner L. Stolz via curl-users <curl-users_at_lists.haxx.se> wrote:
>
> We have an issue with being unable to negotiate encryption keys with one of our data partners.
>
> From the error message and my research, it looks like a problem
> between old, deprecated DSA encryption and SHA1 versus SHA256 for RSA, and the only solution is to upgrade to a newer version of curl.
>
> The problem is that we run on AIX, so we cannot simply pull an RPM for
> a Linux distro. I tried to investigate the curl releases documentation, but I cannot tell when SHA256 support was added.
>
> Could someone with more knowledge please let me know when SHA256 support was added?

Hi Werner,

Another thought is, build an updated OpenSSH. You will get updated ssh and scp clients and servers for the AIX box.

cURL is non-trivial to build because it has so many dependencies.[1] OpenSSH is relatively easy to build because it has two dependencies - zLib and OpenSSL.[2] Or three if you want LDNS.[2] So OpenSSH is usually an easier problem.

[1] https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnoloader%2FBuild-Scripts%2Fblob%2Fmaster%2Fbuild-curl.sh&amp;data=05%7C01%7Cwstolz%40investcloud.com%7Cb7d6a392db2d4eedef6d08da8c7bbade%7C134fa738eba84721a959151561c6c68e%7C0%7C0%7C637976760318928353%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=jMVfC5PrXgu1TuTTV3hm%2BPeArHN2kHRmvMoOWwb8QWM%3D&amp;reserved=0
[2] https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnoloader%2FBuild-Scripts%2Fblob%2Fmaster%2Fbuild-openssh.sh&amp;data=05%7C01%7Cwstolz%40investcloud.com%7Cb7d6a392db2d4eedef6d08da8c7bbade%7C134fa738eba84721a959151561c6c68e%7C0%7C0%7C637976760318928353%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=6YZGyTRmN3Jc4nicJjuCt3YYSyogzS%2FDyD2qq2jGtcM%3D&amp;reserved=0

Jeff
________________________________


Electronic Privacy Notice. This e-mail, and any attachments, contains information that is, or may be, covered by electronic communications privacy laws, and is also confidential and proprietary in nature. If you are not the intended recipient, please be advised that you are legally prohibited from retaining, using, copying, distributing, or otherwise disclosing this information in any manner. Instead, please reply to the sender that you have received this communication in error, and then immediately delete it. Thank you in advance for your cooperation.

________________________________


-- 
Unsubscribe: https://lists.haxx.se/listinfo/curl-users
Etiquette:   https://curl.se/mail/etiquette.html
Received on 2022-09-02