Default ciphers list

Jesse P. jessep3 at hushmail.com
Sun Nov 17 11:48:44 EST 2013


Hi. I was reading the sshd_config manpage and wondering why the default ciphers are:

                aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
                aes128-gcm at openssh.com,aes256-gcm at openssh.com,
                aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
                aes256-cbc,arcfour

Wasn't AES-GCM supposed to be more secure and recommended? It's been bumped
down a bit. Also, why is CTR preferred over CBC? Thanks.



More information about the openssh-unix-dev mailing list