D25833.id75006.diff
No OneTemporary
Actions

Size

1 KB

Referenced Files

None

Subscribers

None

D25833.id75006.diff
View Options

	Index: crypto/openssh/FREEBSD-upgrade
	===================================================================
	--- crypto/openssh/FREEBSD-upgrade
	+++ crypto/openssh/FREEBSD-upgrade
	@@ -168,13 +168,6 @@
	ignore HPN-related configuration options to avoid breaking existing
	configurations.

	-9) AES-CBC
	-
	- The AES-CBC ciphers were removed from the server-side proposal list
	- in 6.7p1 due to theoretical weaknesses and the availability of
	- superior ciphers (including AES-CTR and AES-GCM). We have re-added
	- them for compatibility with third-party clients.
	-


	This port was brought to you by (in no particular order) DARPA, NAI
	Index: crypto/openssh/myproposal.h
	===================================================================
	--- crypto/openssh/myproposal.h
	+++ crypto/openssh/myproposal.h
	@@ -122,8 +122,7 @@
	#define KEX_SERVER_ENCRYPT \
	"chacha20-poly1305@openssh.com," \
	"aes128-ctr,aes192-ctr,aes256-ctr" \
	- AESGCM_CIPHER_MODES \
	- ",aes128-cbc,aes192-cbc,aes256-cbc"
	+ AESGCM_CIPHER_MODES

	#define KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT

	Index: crypto/openssh/sshd_config.5
	===================================================================
	--- crypto/openssh/sshd_config.5
	+++ crypto/openssh/sshd_config.5
	@@ -495,8 +495,7 @@
	.Bd -literal -offset indent
	chacha20-poly1305@openssh.com,
	aes128-ctr,aes192-ctr,aes256-ctr,
	-aes128-gcm@openssh.com,aes256-gcm@openssh.com,
	-aes128-cbc,aes192-cbc,aes256-cbc
	+aes128-gcm@openssh.com,aes256-gcm@openssh.com
	.Ed
	.Pp
	The list of available ciphers may also be obtained using