From 3ee4fb700176f2cd5759b55141ebd1f8dbca164b Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Thu, 18 May 2023 14:08:42 -0400 Subject: Changelog entry for signature algorithm fallback change re #2012, re #1961 --- sites/www/changelog.rst | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 5f085131..bdd2d426 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,18 @@ Changelog ========= +- :bug:`2012 major` (also :issue:`1961` and countless others) The + ``server-sig-algs`` and ``RSA-SHA2`` features added around Paramiko 2.9 or + so, had the annoying side effect of not working with servers that dont' + support *either* of those feature sets, requiring use of + ``disabled_algorithms`` to forcibly disable the SHA2 algorithms on Paramiko's + end. + + The **experimental** `~paramiko.transport.ServiceRequestingTransport` (noted + in its own entry in this changelog) includes a fix for this issue, + specifically by falling back to the same algorithm as the in-use pubkey if + it's in the algorithm list (leaving the "first algorithm in said list" as an + absolute final fallback). - :feature:`-` Implement ``_fields()`` on `~paramiko.agent.AgentKey` so that it may be compared (via ``==``) with other `~paramiko.pkey.PKey` instances. - :bug:`23 major` Since its inception, Paramiko has (for reasons lost to time) -- cgit v1.2.3