On 17 January 2011 16:28, Michael Hudson-Doyle
<email address hidden> wrote:
>> I think I got a false pass because OpenSSH defaults to never initiating
>> rekeying from the client.
>
> Er. This is not true, according to my understanding of things.
Sorry, I meant to say "not rekeying within the first 1GB".
>> If I set 'RekeyLimit 50k' then it does hang, and presumably will
>> eventually time out. On the other hand running the same command
>> against qastaging, which does have this fix, succeeds.
>
> Note that rekeying involves many round trips and so frequent rekeying
> over a high latency link (such as over wifi at the rally) will be very
> slow. How did you determine it had hung?
It was stuck for over a minute, with no IO.
>> So this should be fixed on the next major/with-downtime rollout of
>> Launchpad, in a couple of weeks(?).
>
> Did you write this before or after the 11.01 rollout?
Before. It really is FixReleased now.
--
Martin