OpenSSH security advisory: cbc.adv

Markus Friedl markus.r.friedl at
Fri Nov 28 19:23:05 EST 2008

On Thu, Nov 27, 2008 at 11:11:44PM +0100, Lutz Jaenicke wrote:
> Markus Friedl wrote:
> >On Thu, Nov 27, 2008 at 09:06:00AM +0100, Lutz Jaenicke wrote:
> >  
> >>I have been reading the documentation and had a look into the source
> >>but finally did not manage to understand the selection method.
> >>(For SSL it is the server that selects "based on the client's preferences"
> >>    
> Thanks.
> So the modification proposed for the server's cipher config will influence
> the ciphers supported but it will not affect the preference in the selection
> process. The preference is controlled via the client's configuration
> (at least with the current software version)!?

yes, the protocol works like this. the client chooses.
so you have to remove all CBC ciphers from the server's
config file.
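
The selection rule discussed in this exchange, as an added example that is not part of the original message and not OpenSSH code: per RFC 4253 section 7.1 the negotiated cipher is the first name on the client's list that the server also supports, so reordering the server's `Ciphers` line changes nothing while removing the CBC entries does. The function names, the sample config line and the client preference list are constructed for illustration.

```python
# Constructed model of SSH cipher selection (RFC 4253, section 7.1):
# the chosen cipher is the first name on the client's list that the
# server also supports. The server's ordering plays no part.

def negotiate(client_prefs, server_ciphers):
    """Return the negotiated cipher, or None when there is no overlap."""
    supported = set(server_ciphers)
    for name in client_prefs:
        if name in supported:
            return name
    return None  # no common cipher: the connection attempt fails

def parse_ciphers(sshd_config_text):
    """Return the name-list of the first plain 'Ciphers' line, else []."""
    for line in sshd_config_text.splitlines():
        fields = line.split("#", 1)[0].split(None, 1)
        if len(fields) == 2 and fields[0].lower() == "ciphers":
            return [c.strip() for c in fields[1].split(",") if c.strip()]
    return []

def without_cbc(ciphers):
    """Drop every CBC-mode cipher, including vendor-suffixed names."""
    return [c for c in ciphers if "-cbc" not in c]

# Constructed sample data (not taken from the thread).
SERVER_CONFIG = "Port 22\nCiphers aes128-ctr,aes256-ctr,aes128-cbc,3des-cbc\n"
CLIENT_PREFS = ["aes128-cbc", "3des-cbc", "aes128-ctr", "aes256-ctr"]

def demo():
    reordered = parse_ciphers(SERVER_CONFIG)   # CTR listed first, CBC kept
    hardened = without_cbc(reordered)          # CBC removed entirely
    return (
        negotiate(CLIENT_PREFS, reordered),    # client's first choice wins
        negotiate(CLIENT_PREFS, hardened),     # client falls through to CTR
        negotiate(["aes128-cbc"], hardened),   # CBC-only client: no match
    )

if __name__ == "__main__":
    print(demo())
```

The third case shows the operational cost of the hardened list: a client that offers only CBC ciphers can no longer connect.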

