OpenSSH security advisory: cbc.adv
Lutz Jaenicke
lutz at lutz-jaenicke.de
Thu Nov 27 19:06:00 EST 2008
Damien Miller wrote:
> OpenSSH Security Advisory: cbc.adv
> [text deleted]
>
> AES CTR mode and arcfour ciphers are not vulnerable to this attack at
> all. These may be preferentially selected by placing the following
> directive in sshd_config and ssh_config:
>
> Ciphers aes128-ctr,aes256-ctr,arcfour256,arcfour,aes128-cbc,aes256-cbc
>
Hi,
I have been reading the documentation and had a look into the source
but finally did not manage to understand the selection method.
(For SSL it is the server that selects "based on the clients preferences"
which means that depending on the server settings the client's or the
server's preference will be used.)
Where can I find respective documentation (or the location in the source
to find out myself :-)
Best regards,
Lutz
More information about the openssh-unix-dev
mailing list