CBC Ciphers removal from AIX Servers

Flavien flavien-ssh at lebarbe.net
Sat May 7 07:09:11 AEST 2016

SCK wrote :
> Hi,
> Nessus tool identified AIX servers are configured with vulnerable ciphers.As a remediation I have made proper changes in sshd_config file. Stop the sshd daemon and start sshd 
> Still Issue persist. I have checked on one system post system reboot vulnerabilities went off. 
> Is there any other way by which I can remove the vulnerabilities without rebooting the servers.
> Sunil

>From what you write, it looks like "something" needs to be restarted,
not only the sshd daemon.

I remember hitting a bug on AIX a few years ago [1]. It was linked
to CryptoLite library (some acceleration lib for crypto operation).
That library came with a kernel module. May be you should have a
look there ? Just an idea.


[1] : http://thread.gmane.org/gmane.network.openssh.devel/19176

More information about the openssh-unix-dev mailing list