Cipher Order in sshd_config

Ron Frederick ronf at
Tue Aug 26 08:08:51 EST 2014

On Aug 25, 2014, at 9:52 AM, Damien Miller <djm at> wrote:
> On Wed, 20 Aug 2014, HAROUAT, KARIM (KARIM) wrote:
>> Sorry to disturb you but I am looking for a question I have, but I don't find any clue for it on the archive list, neither Internet (google search).
>> Id like to know in sshd_config file, if the order given for cipher key word has an impact  please?
>> I mean is there a difference for the server if I do the config like :
>> e.g
>> Ciphers aes128-ctr,aes256-ctr
>> vs
>> Ciphers aes256-ctr,aes128-ctr 
> It matters on the client but not on the server (see RFC4253 section 7.1)
> The selected method will be the first on the client's list that appears on
> the server's list.

I noticed some time ago that OpenSSH still prefers aes128 over aes192/aes256 ciphers in multiple cases (CTR, GCM, and CBC). Is this due to concerns about CPU usage? These days, I would think we’d want to have clients prefer AES256.

It also still prefers MD5 over everything else for hashing, and SHA1 over SHA2. While it still makes sense to support MD5 for backward compatibility (and indeed the SSH RFC requires it), I’m not sure it still makes sense to prefer either it or SHA1 at this point.
Ron Frederick
ronf at

More information about the openssh-unix-dev mailing list