[ssh_x509] PKIX-SSH release 12.4.2

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Sun Feb 23 12:31:15 EET 2020

Dear list members,

yet anotherbug fix release is published 12.4.2. And this even if major 
version is not 13!

More seriously, in new release:

(x) Bugs:
*  use X.509 host-key algorithms as well
    Restore use of all supported algorithms when client build host-key 
algorithm list for key exchange message. Regression introduced in 
release 12.4.
    Note that client reorder algorithms preferences based on known host 
files. This functionality is disabled if client option HostKeyAlgorithms 
starts with "^". If this case algorithms from option take precedence.

*  validation of X.509 based host-keys
    Unexpected loss of functionality in PKIS-SSH 11.3 due to code refactor.
    Unlike before restored verification and validation of X.509 based 
host-keys is performed before authorisation by known host.

(x) Miscellaneous:
*  prevent ProxyJump loops
    Detect and prevent simple configuration loops when using ProxyJump.

Roumen Petrov

More information about the ssh_x509 mailing list