CBC Ciphers removal from AIX Servers
Flavien
flavien-ssh at lebarbe.net
Sat May 7 07:09:11 AEST 2016
SCK wrote :
> Hi,
> Nessus tool identified AIX servers are configured with vulnerable ciphers.As a remediation I have made proper changes in sshd_config file. Stop the sshd daemon and start sshd
> Still Issue persist. I have checked on one system post system reboot vulnerabilities went off.
> Is there any other way by which I can remove the vulnerabilities without rebooting the servers.
> Sunil
>From what you write, it looks like "something" needs to be restarted,
not only the sshd daemon.
I remember hitting a bug on AIX a few years ago [1]. It was linked
to CryptoLite library (some acceleration lib for crypto operation).
That library came with a kernel module. May be you should have a
look there ? Just an idea.
HTH,
Flavien.
[1] : http://thread.gmane.org/gmane.network.openssh.devel/19176
More information about the openssh-unix-dev
mailing list