HPN-SSH 18.7.1

[rapier1]

There are 2 main changes since 18.7.0.

RFC 8305 aka Happy Eyeballs
This is for use on dual stack systems meaning that they have both IPv4 and IPv6 TCP stacks. When enabled this option will try to connect to the target over both IPv4 and IPv6 with preference given to IPv6. This preference is created by giving IPv6 a 250ms head start over the IPv4 connection. Users can change this with the HappyDelay option. The first connection that completes successfully will be used. Any outstanding connection attempts will be closed. As of version 18.7.1 this option should be considered somewhat experimental. Usage:

-oHappyEyes  = [Yes|No] will enable Happy Eyeballs. The default is no.
-oHappyDelay = [N] where N is a positive integer expressed in
                  milliseconds. The default value of 250ms 
                  is suggested by RFC 8305.

e.g. hpnssh -oHappyEyes=yes -oHappyDelay=125 [email protected]

FIPS Mode and Parallel Ciphers
Using HPN-SSH in operating systems working in FIPS mode (e.g. RHEL with FIPS enabled) preclude the use of parallel ciphers. This is because the parallel AES-CTR implementation is not FIPS certified and will cause FIPS to exit with an error when loaded. In the case of the parallel ChaCha20 cipher the algorithm itself has not been FIPS certified and no implementation of ChaCha20 should be allowed in FIPS mode. We suggest the use of the AES-GCM cipher when operating under FIPS mode for optimal performance. This is behaviour is not user adjustable.

Minor Changes
The 64bit XOR method used in AES-CTR-MT was causing undefined behaviour. We have reduce the maximum bit size of an XOR to 32 bits until we develop a better XOR method. XORing is one of those things that can have an outsized impact on performance so please let us know if you see any noticeable performance hit. Also, if anyone wants to solve the XOR issue for us we'd love the help. Various changes have been made to the CI system on github and we've changed some minor parts of the regression test suites.

---

This discussion was created from the release HPN-SSH 18.7.1.

[rapier1]

If you use the DynamicWindow branch there are no changes at this time.

[rapier1]

Of course, I found out after I posted this that OpenSSH just had a call for testing announcement for 10.1 this morning. As such, we'll likely have a new version (18.8.0) inside of two weeks. I'm just starting the initial port and testing but I need for them to finalize their release.

[rapier1]

A quick note about the FIPS Mode changes: This has been tested under Fedora's FIPS mode and the Ubuntu FIPS mode (such as it is) and it works effectively in both of them. If you have other FIPS mode distributions let me know how FIPS mode is detected by the OS (in the above system /proc/sys/crypto/fips_enabled is set to 1 and that's what we look for). That said, it's up to you, the system administrator, to disable/demote the usage of the ChaCha20 cipher. The quick and easy way to do this is to modify your sshd_config/ssh_config to limit the allowed ciphers. You can do that with by entering the following directive in sshd_config/ssh_config or in an Include file:

Ciphers [email protected],[email protected],aes256-ctr,[email protected],aes128-ctr

While this includes the chacha20 cipher the client/server will attempt to use aes256-gcm first (one of the most performant ciphers available). This ordering provides maximum flexibility for clients that are not running under FIPS mode to communicate with FIPS mode servers.

As a note: It is unlikely that any implementation of chacha20 will ever be a FIPS approved cipher as the algorithm has never been submitted for compliance.

Additionally, for those building by hand, under FIPS mode make tests will crash out immediately because it tries to generate an RSA key - which is not allowed in FIPS mode. We will not be removing support for RSA until OpenSSH does. As such, it is on you to build and test HPN-SSH on a system not running under FIPS mode if you want to run make tests.