[Bug 2333] forbid old Ciphers, KexAlgorithms and MACs by default

bugzilla-daemon Wed, 07 Jan 2015 13:31:21 -0800

https://bugzilla.mindrot.org/show_bug.cgi?id=2333


Damien Miller <d...@mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |WONTFIX
                 CC|                            |d...@mindrot.org

--- Comment #2 from Damien Miller <d...@mindrot.org> ---
We continually review the defaults and deprecate unsafe crypto as fast
as we feel we can, but we need to ship an SSH implementation that works
with others out there. The default algorithms that are selected (ecdh
curve25519 / aes-ctr / umac-64-etm) are quite safe and there is no
downgrade attack.

There is no realistic threat against the NIST EC curves, nor against
hmac-md5.

You're welcome to make these changes to you own configurations.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2333] forbid old Ciphers, KexAlgorithms and MACs by default

Reply via email to