-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Am Do den 3. Dez 2015 um 16:23 schrieb Colin Watson: > On Thu, Dec 03, 2015 at 04:14:16PM +0100, Klaus Ethgen wrote: > > The new version comes without blowfish cipher. > > Erm, no it doesn't? Upstream issued a future deprecation notice > indicating that it will be disabled in future
Well, it is, but read on. > (http://www.openssh.com/txt/release-7.1) but it hasn't been yet. I just > diffed 1:6.9p1-3 against 1:7.1p1-1 and there are no changes affecting > blowfish; furthermore, the 7.1 client still advertises blowfish-cbc. In earlier versions, blowfish cipher was named "blowfish" not "blowfish-cbc". So many (as mine) configurations have configured "Cipher blowfish" (Client). That is breaking. In fact, the solution is "blowfish" -> "blowfish-cbc" but that has to be done before the upgrade. After upgrade it might be not possible anymore. Due to the deprecation note, that is a big issue. I never trust AES from the fact how it was choosen above twofish. With purging support for blowfish, that would leave not many trusted alternatives anymore. Regards Klaus - -- Klaus Ethgen http://www.ethgen.ch/ pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen <[email protected]> Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQGcBAEBCgAGBQJWYGmgAAoJEKZ8CrGAGfasqnIMAJe2LSINqhi+Ev0xX78rXhJR MPlVypxkQXbmBm+qzgaxIXMJzaEp8uy0bhs9GpZA5A2E2zd3Ysb7kL7P0u1gx/ls AkaT/y6A0M8+OyJ4EE8PzR0U/zR5Ciia6p8tjYN+nAjax7pamAlt8P2K6EInUemr +auw+w3mPvCAS1YiNG4oYoGit8H0Hphl/i8aF9zEJipTlAU8Nwh343fb8cVaJmLT lfWcljh0e6q4l3rQDlw8PusoePWNJFyHVKYp1xQErxfKMj36a+rEffg27CGhnMo4 T9/koOG1TFFSqgkvwexz1nlQANqbBKfRS2sE6kuOSPYpo7jPvbRhz9JsGX8Dgl4/ /Au+rIYqXnkEZUSNAnRZlHBVUsxuZLYMnIDvLuujSPRyrO15ysMEhnsu/uTmpvSs cWqmvwTm20B63/s0b4zQuEMWs6CeDhQXIqfoRwqRZb9vp2kvwzA7In7QSPtcfEJk fmWlHhnj+1mhELt5XyWWEPDIpTDF7dzK3hYWjns3Ig== =pi4d -----END PGP SIGNATURE-----
