On Tue, Jul 06, 2021 at 01:02:49PM -0400, Stefan Monnier wrote:
I think the first reaction should be to report it as a bug, so that the
old cipher is re-added. I think the same argument in favor of including
the "none" cipher should apply to including old deprecated ciphers.
The old ciphers are generally removed for a reason: because they are hugely
insecure.
If they have buffer overflow-style holes, those should be fixed.
Other than that I can't see how they can be less secure than the "none" cipher.
I guess since the "none" cipher isn't supported in debian's ssh you will
just drop this questionable line of argument?
