https://bugzilla.mindrot.org/show_bug.cgi?id=3862
Damien Miller <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] Resolution|--- |WONTFIX Status|NEW |RESOLVED --- Comment #2 from Damien Miller <[email protected]> --- As Darren said, the version string is an important compatibility mechanism. Conversely, hiding the version string provides no security benefit. Attackers can fingerprint implementations quite easily and attempt attacks blindly where they can't determine the peer's version. The effect is the same. Hiding the version is likely to be a security *cost* as it makes finding outdated versions in one's own infrastructure significantly more difficult. For these reasons we won't be implementing this. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. _______________________________________________ openssh-bugs mailing list [email protected] https://lists.mindrot.org/mailman/listinfo/openssh-bugs
