Rich Teer wrote:
On Tue, 5 Sep 2006, [EMAIL PROTECTED] wrote:
Still missing the aes256-cbc ciphers etc etc for various reasons.
Mostly government export controls, not technical.
Import controls but probably not relevant anymore (we ship all the 256 bit
ciphers in a download available to almost everyone)
Given that, is there any reason why all the 256 bit cyphers can't be
included in Sun's SSH as shipped with Solaris/Solaris Express?
When Casper said it is available in a download it is a download
explicitly separate from the core Solaris media because of the import
restrictions. Namely the SUNWcry/SUNWcryr packages.
The Sun SSH (as does OpenSSH) has the ciphers hardcoded at compile time
rather than
at runtime determining which ciphers and key lengths are available. We
could change this but it requires adding a non trivial amount of code.
The plan of record is to remove the need for having separate
SUNWcry/SUNWcryr packages, I'm working with Sun Legal on this to ensure
that we can actually do this given the current regulations for import
of crypto into the previously problematic countries.
--
Darren J Moffat
_______________________________________________
opensolaris-discuss mailing list
[email protected]
