diff --git a/README.md b/README.md index 4d89b178..275fcade 100644 --- a/README.md +++ b/README.md @@ -221,6 +221,7 @@ For convenience, a web front-end on top of the command-line tool is available at - Fixed crash when running with `-P` and `-T` options simultaneously. - Fixed host key tests from only reporting a key type at most once despite multiple hosts supporting it; credit [Daniel Lenski](https://github.com/dlenskiSB). - Fixed DHEat connection rate testing on MacOS X and BSD platforms; credit [Drew Noel](https://github.com/drewmnoel) and [Michael Osipov](https://github.com/michael-o). + - Added 1 new cipher: `grasshopper-ctr128`. ### v3.2.0 (2024-04-22) - Added implementation of the DHEat denial-of-service attack (see `--dheat` option; [CVE-2002-20001](https://nvd.nist.gov/vuln/detail/CVE-2002-20001)). diff --git a/src/ssh_audit/ssh2_kexdb.py b/src/ssh_audit/ssh2_kexdb.py index f65e014c..44adb252 100644 --- a/src/ssh_audit/ssh2_kexdb.py +++ b/src/ssh_audit/ssh2_kexdb.py @@ -346,6 +346,7 @@ class SSH2_KexDB: # pylint: disable=too-few-public-methods 'des-cbc-ssh1': [[], [FAIL_DES], [WARN_CIPHER_MODE, WARN_BLOCK_SIZE]], 'des-cbc@ssh.com': [[], [FAIL_DES], [WARN_CIPHER_MODE, WARN_BLOCK_SIZE]], 'des': [[], [FAIL_DES], [WARN_CIPHER_MODE, WARN_BLOCK_SIZE]], + 'grasshopper-ctr128': [[], [FAIL_UNTRUSTED]], 'idea-cbc': [[], [FAIL_IDEA], [WARN_CIPHER_MODE]], 'idea-cfb': [[], [FAIL_IDEA], [WARN_CIPHER_MODE]], 'idea-ctr': [[], [FAIL_IDEA]],