From 3f7271b68414943056fbbb59390175a506813aa6 Mon Sep 17 00:00:00 2001
From: Eugene <inbox@null.page>
Date: Sun, 29 Sep 2024 10:16:52 +0200
Subject: [PATCH] fixed #358 - relax strict kex checks to match OpenSSH

---
 russh/src/client/encrypted.rs | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/russh/src/client/encrypted.rs b/russh/src/client/encrypted.rs
index 1a3ac7ba..f7c93bc4 100644
--- a/russh/src/client/encrypted.rs
+++ b/russh/src/client/encrypted.rs
@@ -26,7 +26,7 @@ use crate::negotiation::{Named, Select};
 use crate::parsing::{ChannelOpenConfirmation, ChannelType, OpenChannelMessage};
 use crate::session::{Encrypted, EncryptedState, GlobalRequestResponse, Kex, KexInit};
 use crate::{
-    auth, msg, negotiation, strict_kex_violation, Channel, ChannelId, ChannelMsg,
+    auth, msg, negotiation, Channel, ChannelId, ChannelMsg,
     ChannelOpenFailure, ChannelParams, CryptoVec, Sig,
 };
 
@@ -70,11 +70,9 @@ impl Session {
                     None
                 };
 
-                if let Some(kexinit) = kexinit {
-                    if let Some(ref algo) = kexinit.algo {
-                        if self.common.strict_kex && !algo.strict_kex {
-                            return Err(strict_kex_violation(msg::KEXINIT, 0).into());
-                        }
+                if let Some(mut kexinit) = kexinit {
+                    if let Some(ref mut algo) = kexinit.algo {
+                        algo.strict_kex = algo.strict_kex || self.common.strict_kex;
                     }
 
                     let dhdone = kexinit.client_parse(