svn commit: r294495 - in head: . crypto/openssh
Bryan Drewery
bdrewery at FreeBSD.org
Fri Jan 22 22:00:45 UTC 2016
On 1/22/2016 1:56 PM, Dag-Erling Smørgrav wrote:
> Bryan Drewery <bdrewery at FreeBSD.org> writes:
>> I've used these in sshd_config and ssh_config to restore some removed
>> functionality:
>>
>> Ciphers +blowfish-cbc,arcfour,aes128-cbc,3des-cbc
>> KexAlgorithms +diffie-hellman-group1-sha1
>
> Do you actually need these? Do you know of any clients or servers which
> do not support any of the other ciphers and key exchange algorithms
> which OpenSSH offers?
>
>> PubkeyAcceptedKeyTypes +ssh-dss,ssh-dss-cert-v01 at openssh.com
>> HostkeyAlgorithms +ssh-dss,ssh-dss-cert-v01 at openssh.com
>
> These are already enabled.
>
Right. I was suggesting an alternative method to modifying these
upstream files and providing deprecated and potentially insecure
functionality by default.
--
Regards,
Bryan Drewery
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/svn-src-all/attachments/20160122/83e08df3/attachment.sig>
More information about the svn-src-all
mailing list