[Bug 2333] forbid old Ciphers, KexAlgorithms and MACs by default
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Thu Jan 8 08:30:23 AEDT 2015
https://bugzilla.mindrot.org/show_bug.cgi?id=2333
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |WONTFIX
CC| |djm at mindrot.org
--- Comment #2 from Damien Miller <djm at mindrot.org> ---
We continually review the defaults and deprecate unsafe crypto as fast
as we feel we can, but we need to ship an SSH implementation that works
with others out there. The default algorithms that are selected (ecdh
curve25519 / aes-ctr / umac-64-etm) are quite safe and there is no
downgrade attack.
There is no realistic threat against the NIST EC curves, nor against
hmac-md5.
You're welcome to make these changes to you own configurations.
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list