Re-add AES-CBC ciphers to the default cipher list on the server.
PR: 207679
parent acc1a9ef83
commit c3c6c935fc
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=296634
@ -1,4 +1,3 @@
|
|||||||
|
|
||||||
FreeBSD maintainer's guide to OpenSSH-portable
|
FreeBSD maintainer's guide to OpenSSH-portable
|
||||||
==============================================
|
==============================================
|
||||||
|
|
||||||
@ -166,6 +165,13 @@
|
|||||||
ignore HPN-related configuration options to avoid breaking existing
|
ignore HPN-related configuration options to avoid breaking existing
|
||||||
configurations.
|
configurations.
|
||||||
|
|
||||||
|
A) AES-CBC
|
||||||
|
|
||||||
|
The AES-CBC ciphers were removed from the server-side proposal list
|
||||||
|
in 6.7p1 due to theoretical weaknesses and the availability of
|
||||||
|
superior ciphers (including AES-CTR and AES-GCM). We have re-added
|
||||||
|
them for compatibility with third-party clients.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
This port was brought to you by (in no particular order) DARPA, NAI
|
This port was brought to you by (in no particular order) DARPA, NAI
|
||||||
|
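Review bot: The new "A) AES-CBC" entry gives "compatibility with third-party clients" as the reason but names neither the clients nor a condition under which the ciphers can be dropped again. Reference the PR (207679) in the text and state what would let a future import remove this local change, so the next maintainer can tell whether it is still needed. A short pointer to the Ciphers option in sshd_config for administrators who want the CBC modes off would also fit here.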
@ -113,10 +113,11 @@
|
|||||||
#define KEX_SERVER_ENCRYPT \
|
#define KEX_SERVER_ENCRYPT \
|
||||||
"chacha20-poly1305@openssh.com," \
|
"chacha20-poly1305@openssh.com," \
|
||||||
"aes128-ctr,aes192-ctr,aes256-ctr" \
|
"aes128-ctr,aes192-ctr,aes256-ctr" \
|
||||||
AESGCM_CIPHER_MODES
|
AESGCM_CIPHER_MODES \
|
||||||
|
",aes128-cbc,aes192-cbc,aes256-cbc"
|
||||||
|
|
||||||
#define KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT "," \
|
#define KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT "," \
|
||||||
"aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc"
|
"3des-cbc"
|
||||||
|
|
||||||
#define KEX_SERVER_MAC \
|
#define KEX_SERVER_MAC \
|
||||||
"umac-64-etm@openssh.com," \
|
"umac-64-etm@openssh.com," \
|
||||||
|
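Review bot: Appending ",aes128-cbc,aes192-cbc,aes256-cbc" to the end of KEX_SERVER_ENCRYPT does not make CBC a last resort. SSH picks the first cipher on the client's list that the server also offers, so a client that lists a CBC mode first will negotiate it even when CTR, GCM or chacha20-poly1305 is available on both sides. Add a comment above the new line saying so and marking it as a FreeBSD-local change, so it is not lost or misread at the next vendor merge. The KEX_CLIENT_ENCRYPT change to "3des-cbc" keeps the client list the same as before, since the CBC modes now come in through KEX_SERVER_ENCRYPT; that dependency deserves a mention in the same comment.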
@ -482,7 +482,8 @@ The default is:
|
|||||||
.Bd -literal -offset indent
|
.Bd -literal -offset indent
|
||||||
chacha20-poly1305@openssh.com,
|
chacha20-poly1305@openssh.com,
|
||||||
aes128-ctr,aes192-ctr,aes256-ctr,
|
aes128-ctr,aes192-ctr,aes256-ctr,
|
||||||
aes128-gcm@openssh.com,aes256-gcm@openssh.com
|
aes128-gcm@openssh.com,aes256-gcm@openssh.com,
|
||||||
|
aes128-cbc,aes192-cbc,aes256-cbc
|
||||||
.Ed
|
.Ed
|
||||||
.Pp
|
.Pp
|
||||||
The list of available ciphers may also be obtained using the
|
The list of available ciphers may also be obtained using the
|
||||||
|
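Review bot: The documented default now ends with "aes128-cbc,aes192-cbc,aes256-cbc", but nothing in the surrounding text tells the reader these are offered only for compatibility. Add one sentence after the list saying the CBC modes are kept for older third-party clients and can be excluded by setting Ciphers explicitly, so that administrators reading the manual page see the same rationale as the maintainer's guide.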