https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207679
Bug ID: 207679
Summary: r295367 import of OpenSSH drops support for some
ciphers
Product: Base System
Version: 10.3-BETA2
Hardware: Any
OS: Any
Status: New
Severity: Affects Many People
Priority: ---
Component: bin
Assignee: [email protected]
Reporter: [email protected]
The import of the latest version of OpenSSH into RELENG_10 drops ciphers such
as aes128-cbc from the server. I had a few lightweight clients using
aes128-cbc (e.g alix boxes) to make use of the hardware crypto that broke as a
result.
e.g. from a client going to a host that has r295367 applied.
ssh -c aes128-cbc [email protected]
no matching cipher found: client aes128-cbc server
[email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
and running sshd -ddd
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug2: kex_parse_kexinit:
[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
[preauth]
debug2: kex_parse_kexinit:
ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug2: kex_parse_kexinit:
[email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
[preauth]
debug2: kex_parse_kexinit:
[email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
[preauth]
debug2: kex_parse_kexinit:
[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
[preauth]
debug2: kex_parse_kexinit:
[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
[preauth]
debug2: kex_parse_kexinit: none,[email protected] [preauth]
debug2: kex_parse_kexinit: none,[email protected] [preauth]
debug2: kex_parse_kexinit: [preauth]
debug2: kex_parse_kexinit: [preauth]
debug2: first_kex_follows 0 [preauth]
debug2: reserved 0 [preauth]
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
[preauth]
debug2: kex_parse_kexinit: ssh-dss,ssh-rsa [preauth]
debug2: kex_parse_kexinit: aes128-cbc [preauth]
debug2: kex_parse_kexinit: aes128-cbc [preauth]
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
[preauth]
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
[preauth]
debug2: kex_parse_kexinit: none,[email protected],zlib [preauth]
debug2: kex_parse_kexinit: none,[email protected],zlib [preauth]
debug2: kex_parse_kexinit: [preauth]
debug2: kex_parse_kexinit: [preauth]
debug2: first_kex_follows 0 [preauth]
debug2: reserved 0 [preauth]
Unable to negotiate with xx.yy.zz.146: no matching cipher found. Their
offer: aes128-cbc [preauth]
debug1: do_cleanup [preauth]
--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "[email protected]"
