Subject: [libssh2] #180: Compression enabled at the wrong time

[libssh2] #180: Compression enabled at the wrong time

From: libssh2 Trac <>
Date: Sat, 19 Jun 2010 16:55:08 -0000

#180: Compression enabled at the wrong time
 Reporter: tj@… | Owner:
     Type: defect | Status: new
 Priority: normal | Milestone: 1.2.6
Component: protocol | Version: 1.2.6
 Keywords: | Blocks:
Blocked By: |
 In KEXINIT messages, the client and server agree on, among other things,
 whether to use compression. This method agreement occurs in src/kex.c's
 kex_agree_methods() function. However, if compression is enabled (either
 client->server, server->client, or both), then the compression layer is
 initialized in kex_agree_methods() -- before NEWKEYS has been received.

 Instead, the initialization of the compression layer should happen after
 NEWKEYS has been received. This looks to occur insrc/kex.c's
 diffie_hellman_sha1(), which even has the comment:

         /* The first key exchange has been performed,
            switch to active crypt/comp/mac mode */

 There, after NEWKEYS is received, the cipher and mac algorithms are
 initialized, and that is where the compression should be initialized as

 The current implementation fails if server->client compression is enabled
 because most server implementations follow OpenSSH's lead, where
 compression is initialized after NEWKEYS. Since the server initializes
 compression after NEWKEYS, but libssh2 initializes compression after
 KEXINIT (i.e. before NEWKEYS), they are out of sync.

Ticket URL: <>
libssh2 <>
C library for writing portable SSH2 clients
Received on 2010-06-19