my modest contribution to the #libssh2 #CRA theater that Daniel Stenberg is dealing with

https://itchannelpro.nl/een-boeiende-draad-op-mastodon-over-libssh2-en-de-cra/

A fascinating thread on Mastodon about libssh2 and the CRA

libssh2 is OS. Emerson doesn't pay a cent for using it. Whether Stenberg could help them for free so they can comply with the CRA.

ITchannelPRO

The "good" people at Emerson for some reason couldn't think for themselves when I responded to them on behalf of #curl and instead continue and send the same questions to the #libssh2 project with the same "demands".

"This is a gentle reminder regarding our earlier request for your input on the cybersecurity risk assessment of the software component “libssh2” version 1.11.0, as part of our compliance efforts with the EU Cyber Resilience Act (CRA)."

I ran a quick SFTP performance test with #curl built to use #libssh 0.11.1 vs one built that uses #libssh2 1.11.1 over a 400ms latency connection.

One of them managed to perform this at 1049K/sec, the other reached only 249K/sec.

And the winner is...

libssh2

Funny detail: I sped it up for this kind of use case **fifteen years ago** and blogged about it: https://daniel.haxx.se/blog/2010/12/08/making-sftp-transfers-fast/

Making SFTP transfers fast

SFTP, the SSH File Transfer Protocol, is a misleading name. It gives you the impression that it might be something like a secure version of FTP, perhaps something like FTPS but modeled over SSH instead of SSL. But it isn't! I think a more suitable name would've been SNFS or FSSSH. That is: networked file … Continue reading Making SFTP transfers fast →

daniel.haxx.se
Release 1.11.1 · libssh2/libssh2

This release includes the following enhancements and bugfixes: autotools: fix to update LDFLAGS for each detected dependency (d19b619 #1384 #1381 #1377) autotools: delete --disable-tests option, f...

GitHub
#cmake depends on #libssh2 unconditionally even when bootstrapping and #libssh2 uses #cmake to build. What could possibly go wrong? #exherbo

On this day, fifteen years ago, we shipped #libssh2 1.0

https://daniel.haxx.se/blog/2008/12/26/libssh2-1-0/

libssh2 1.0! | daniel.haxx.se

Glad to see that #libssh2 is on top of things adding #terrapinattack mitigation https://github.com/libssh2/libssh2/pull/1291
src: add 'strict KEX' to fix CVE-2023-48795 "Terrapin Attack" by vszakats · Pull Request #1291 · libssh2/libssh2

Refs: https://terrapin-attack.com/ https://seclists.org/oss-sec/2023/q4/292 https://osv.dev/list?ecosystem=&q=CVE-2023-48795 GHSA-45x7-px36-x8w8 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2...

GitHub

I realized that the new version 1.11 of #libssh2 was published 2 weeks ago: https://www.libssh2.org/

For v1.10 I committed some patches regarding #UWP, #WinCE and #BSD locally.
Some of those patches are obsolete now, but I guess I will find issues when I start builds for old target platforms.

The only disadvantage of crypto-libs is: they are complex and always need some extra attention.

But I love them ❤️, because it's fun to write your own #SSH client by just a few lines of code.

libssh2