Dennis Clarke wrote:
There .. see that ? The remote rev is "Sun_SSH_1.1" and not OpenSSH.
If I drop the cipher length to aes128-cbc then I see this :
$ ssh -2 -4 -e\^ -l dclarke -c aes128-cbc -v 192.168.35.123
That is because this was designed (aka HACKED ON) for the Solaris
binary product. There are (may still be, I'm working on tracking this
down) IMPORT restrictions for cryptographic software for some countries
that required us to cap the symetric cipher key length at 128 bit.
Unlike some other parts of Solaris SSH doesn't "jump up" to 256 bit AES
when SUNWcry/SUNWcryr are installed. This is due to the way that the
cipher suites are hardcoded in the code base.
I really hope that all the IMPORT restrictions have gone now and I
will be able to finish off the project to remove SUNWcry/SUNWcryr and
have us just ship full strength crypto all the time.
--
Darren J Moffat
_______________________________________________
opensolaris-discuss mailing list
[email protected]
