diff options
author | djm@openbsd.org <djm@openbsd.org> | 2016-09-05 16:02:42 +0200 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2016-09-12 05:39:30 +0200 |
commit | da95318dbedbaa1335323dba370975c2f251afd8 (patch) | |
tree | 6c7802974f2fb4f63216e6665b12d0b5f34f641b /kex.c | |
parent | upstream commit (diff) | |
download | openssh-da95318dbedbaa1335323dba370975c2f251afd8.tar.xz openssh-da95318dbedbaa1335323dba370975c2f251afd8.zip |
upstream commit
remove 3des-cbc from the client's default proposal;
64-bit block ciphers are not safe in 2016 and we don't want to wait until
attacks like sweet32 are extended to SSH.
As 3des-cbc was the only mandatory cipher in the SSH RFCs, this may
cause problems connecting to older devices using the defaults, but
it's highly likely that such devices already need explicit
configuration for KEX and hostkeys anyway.
ok deraadt, markus, dtucker
Upstream-ID: a505dfe65c6733af0f751b64cbc4bb7e0761bc2f
Diffstat (limited to 'kex.c')
0 files changed, 0 insertions, 0 deletions