OpenSSH security advisory: cbc.adv
Markus Friedl
markus.r.friedl at arcor.de
Fri Nov 28 19:23:05 EST 2008
On Thu, Nov 27, 2008 at 11:11:44PM +0100, Lutz Jaenicke wrote:
> Markus Friedl wrote:
> >On Thu, Nov 27, 2008 at 09:06:00AM +0100, Lutz Jaenicke wrote:
> >
> >>I have been reading the documentation and had a look into the source
> >>but finally did not manage to understand the selection method.
> >>(For SSL it is the server that selects "based on the clients preferences"
> >>
>
> Thanks.
> So the modification proposed for the server's cipher config will influence
> the ciphers supported but it will not affect the preference in the selection
> process. The preference is controlled via the client's configuration
> (at least with the current software version)!?
yes, the protocol works like this. the client chooses.
so you have to remove all CBC ciphers from the servers
config file.
-m
More information about the openssh-unix-dev
mailing list