Index: head/crypto/openssh/FREEBSD-upgrade
===================================================================
--- head/crypto/openssh/FREEBSD-upgrade
+++ head/crypto/openssh/FREEBSD-upgrade
@@ -168,13 +168,6 @@
    ignore HPN-related configuration options to avoid breaking existing
    configurations.
 
-9) AES-CBC
-
-   The AES-CBC ciphers were removed from the server-side proposal list
-   in 6.7p1 due to theoretical weaknesses and the availability of
-   superior ciphers (including AES-CTR and AES-GCM).  We have re-added
-   them for compatibility with third-party clients.
-
 
 
 This port was brought to you by (in no particular order) DARPA, NAI
Index: head/crypto/openssh/myproposal.h
===================================================================
--- head/crypto/openssh/myproposal.h
+++ head/crypto/openssh/myproposal.h
@@ -1,5 +1,4 @@
 /* $OpenBSD: myproposal.h,v 1.57 2018/09/12 01:34:02 djm Exp $ */
-/* $FreeBSD$ */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -122,8 +121,7 @@
 #define KEX_SERVER_ENCRYPT \
 	"chacha20-poly1305@openssh.com," \
 	"aes128-ctr,aes192-ctr,aes256-ctr" \
-	AESGCM_CIPHER_MODES \
-	",aes128-cbc,aes192-cbc,aes256-cbc"
+	AESGCM_CIPHER_MODES
 
 #define KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT
 
Index: head/crypto/openssh/sshd_config.5
===================================================================
--- head/crypto/openssh/sshd_config.5
+++ head/crypto/openssh/sshd_config.5
@@ -495,8 +495,7 @@
 .Bd -literal -offset indent
 chacha20-poly1305@openssh.com,
 aes128-ctr,aes192-ctr,aes256-ctr,
-aes128-gcm@openssh.com,aes256-gcm@openssh.com,
-aes128-cbc,aes192-cbc,aes256-cbc
+aes128-gcm@openssh.com,aes256-gcm@openssh.com
 .Ed
 .Pp
 The list of available ciphers may also be obtained using