Home
last modified time | relevance | path

Searched hist:"952 d18a214951dc47ba425047669fe64bfcd3454" (Results 1 – 3 of 3) sorted by relevance

/freebsd/crypto/openssh/
H A DFREEBSD-upgradediff 952d18a214951dc47ba425047669fe64bfcd3454 Tue Jul 28 02:24:12 CEST 2020 Ed Maste <emaste@FreeBSD.org> ssh: Remove AES-CBC ciphers from default server and client lists

A base system OpenSSH update in 2016 or so removed a number of ciphers
from the default lists offered by the server/client, due to known
weaknesses. This caused POLA issues for some users and prompted
PR207679; the ciphers were restored to the default lists in r296634.

When upstream removed these ciphers from the default server list, they
moved them to the client-only default list. They were subsequently
removed from the client default, in OpenSSH 7.9p1.

The change has persisted long enough. Remove these extra ciphers from
both the server and client default lists, in advance of FreeBSD 13.

Reviewed by: markm, rgrimes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D25833
H A Dmyproposal.hdiff 952d18a214951dc47ba425047669fe64bfcd3454 Tue Jul 28 02:24:12 CEST 2020 Ed Maste <emaste@FreeBSD.org> ssh: Remove AES-CBC ciphers from default server and client lists

A base system OpenSSH update in 2016 or so removed a number of ciphers
from the default lists offered by the server/client, due to known
weaknesses. This caused POLA issues for some users and prompted
PR207679; the ciphers were restored to the default lists in r296634.

When upstream removed these ciphers from the default server list, they
moved them to the client-only default list. They were subsequently
removed from the client default, in OpenSSH 7.9p1.

The change has persisted long enough. Remove these extra ciphers from
both the server and client default lists, in advance of FreeBSD 13.

Reviewed by: markm, rgrimes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D25833
H A Dsshd_config.5diff 952d18a214951dc47ba425047669fe64bfcd3454 Tue Jul 28 02:24:12 CEST 2020 Ed Maste <emaste@FreeBSD.org> ssh: Remove AES-CBC ciphers from default server and client lists

A base system OpenSSH update in 2016 or so removed a number of ciphers
from the default lists offered by the server/client, due to known
weaknesses. This caused POLA issues for some users and prompted
PR207679; the ciphers were restored to the default lists in r296634.

When upstream removed these ciphers from the default server list, they
moved them to the client-only default list. They were subsequently
removed from the client default, in OpenSSH 7.9p1.

The change has persisted long enough. Remove these extra ciphers from
both the server and client default lists, in advance of FreeBSD 13.

Reviewed by: markm, rgrimes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D25833