mscdex
diffie-hellman-group-exchange-sha256 is very slow and take ~30 seconds
connecting [xxxxxxxxxxxxxxxxxxxxxxxxx] ... CLIENT[sftp]: connect: Debugging turned on CLIENT[sftp]: ssh2-sftp-client Version: 10.0.3 { "node": "18.16.0", "acorn": "8.8.2", "ada": "1.0.4", "ares": "1.19.0", "brotli": "1.0.9", "cldr": "42.0", "icu": "72.1", "llhttp": "6.0.10", "modules": "108", "napi": "8", "nghttp2": "1.52.0", "nghttp3": "0.7.0", "ngtcp2": "0.8.1", "openssl": "3.0.8+quic", "simdutf": "3.2.2", "tz": "2022g", "undici": "5.21.0", "unicode": "15.0", "uv": "1.44.2", "uvwasi": "0.0.15", "v8": "10.2.154.26-node.26", "zlib": "1.2.13" } CLIENT[sftp]: connect: Connect attempt 1 Custom crypto binding not available Local ident: 'SSH-2.0-ssh2js1.15.0' Client: Trying xxxxxxxxxxxxxxxxxxxxxxxxx on port 22 ... Socket connected Remote ident: 'SSH-2.0-OBS SFTP Server [SERVER]' Outbound: Sending KEXINIT Inbound: Handshake in progress Handshake: (local) KEX method: [email protected],curve25519-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,ext-info-c,[email protected] Handshake: (remote) KEX method: diffie-hellman-group-exchange-sha256,ext-info-s Handshake: KEX algorithm: diffie-hellman-group-exchange-sha256 Handshake: (local) Host key format: ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256,ssh-rsa Handshake: (remote) Host key format: rsa-sha2-512,rsa-sha2-256,ssh-rsa Handshake: Host key format: rsa-sha2-512 Handshake: (local) C->S cipher: [email protected],[email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected] Handshake: (remote) C->S cipher: aes256-ctr,aes256-cbc Handshake: C->S Cipher: aes256-ctr Handshake: (local) S->C cipher: [email protected],[email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected] Handshake: (remote) S->C cipher: aes256-ctr,aes256-cbc Handshake: S->C cipher: aes256-ctr Handshake: (local) C->S MAC: [email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 Handshake: (remote) C->S MAC: hmac-sha2-256 Handshake: C->S MAC: hmac-sha2-256 Handshake: (local) S->C MAC: [email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 Handshake: (remote) S->C MAC: hmac-sha2-256 Handshake: S->C MAC: hmac-sha2-256 Handshake: (local) C->S compression: none,[email protected],zlib Handshake: (remote) C->S compression: none,zlib,[email protected] Handshake: C->S compression: none Handshake: (local) S->C compression: none,[email protected],zlib Handshake: (remote) S->C compression: none,zlib,[email protected] Handshake: S->C compression: none Outbound: Sending KEXDH_GEX_REQUEST Received DH GEX Group
Outbound: Sending KEXDH_GEX_INIT Received DH GEX Reply Received DH Reply Host accepted by default (no verification) Host accepted (verified) Outbound: Sending NEWKEYS Inbound: NEWKEYS Verifying signature ... Verified signature Handshake completed
Yep, modern versions of OpenSSL do a lot of extra checks on DH values in the name of security. You're better off using Curve25519 instead where possible, which AFAIU does not incur these kinds of penalties.
thanks for your reply @mscdex . the problem is that I don't control this, this is the only algorithm the server that Im trying to connect supports - so I have to work with this. is there a way reduce the amount of checks so its faster? one thing that I forgot to mention, when trying from sftp cli (from openSSH package) - it connects less than a second.
is there a way reduce the amount of checks so its faster?
Short of patching OpenSSL and/or node, there is no way to reduce the amount of checking.
when trying from sftp cli (from openSSH package) - it connects less than a second
I wouldn't be surprised if OpenSSH is utilizing different APIs and/or doing some things themselves when performing DH.
Additionally you could try newer versions of node and/or OpenSSL (if your copy of node is using system OpenSSL), it's possible improvements in OpenSSL could make things faster somehow.