OpenSSH 2.5.2p2 client to 2.5.1p1 server problem

Carson Gaspar carson at taltos.org
Wed Apr 4 14:26:01 EST 2001



--On Sunday, April 01, 2001 11:52 AM +0200 Markus Friedl 
<markus.friedl at informatik.uni-erlangen.de> wrote:

> openssh < 2.5.2 contains broken AES code.
>
> use Ciphers (see ssh(1) or sshd(2) to turn off
> AES (e.g.: "Ciphers blowfish,3des")
>
> or update the older openssh installations.
>
> sorry, -m

Since OpenSSH already parses the server string to work around various bugs, 
is there some reason it doesn't automatically disable AES when connecting 
to an old server?

Of course, this won't fix the old client -> new server case, but it's 
better than nothing.

-- 
Carson






More information about the openssh-unix-dev mailing list