> On Aug 8, 2016, at 10:45 PM, Warner Losh wrote:
>
> On Mon, Aug 8, 2016 at 4:41 AM, Dag-Erling Smørgrav wrote:
>> Warner Losh writes:
>>> Andrey Chernov writes:
FreeBSD 11 is not released yet (betas are not counted),
On Mon, Aug 8, 2016 at 1:25 AM, Brooks Davis wrote:
> On Sun, Aug 07, 2016 at 03:48:44PM -0700, Xin Li wrote:
>>
>>
>> On 8/7/16 14:20, Warner Losh wrote:
>> >
>> >> On Aug 7, 2016, at 3:11 PM, Andrey Chernov wrote:
>> >>
>> >>> OTOH, FreeBSD has a
On Mon, Aug 8, 2016 at 4:41 AM, Dag-Erling Smørgrav wrote:
> Warner Losh writes:
>> Andrey Chernov writes:
>> > FreeBSD 11 is not released yet (betas are not counted), stable-10 too,
>> > so it is right time to deprecate for them.
>> Nice try,
On 7 Aug 2016, at 7:40, Bruce Simpson wrote:
> On 07/08/16 11:58, Bruce Simpson wrote:
>> Is there a way to revert this change, at least on an ongoing
>> operational basis (e.g. configuration file) for those of us who
>> use FreeBSD to connect directly to such devices?
>
> I was able to override
On Sun, Aug 07, 2016 at 03:48:44PM -0700, Xin Li wrote:
>
>
> On 8/7/16 14:20, Warner Losh wrote:
> >
> >> On Aug 7, 2016, at 3:11 PM, Andrey Chernov wrote:
> >>
> >>> OTOH, FreeBSD has a documented deprecation process that says things will
> >>> continue working for a major
Warner Losh writes:
> Andrey Chernov writes:
> > FreeBSD 11 is not released yet (betas are not counted), stable-10 too,
> > so it is right time to deprecate for them.
> Nice try, but feature freeze was months ago. Have you got buy in from the
> security
On Mon, Aug 08, 2016 at 11:40:55AM +0100, Bruce Simpson wrote:
> On 08/08/16 11:36, Dag-Erling Smørgrav wrote:
> > Bruce Simpson writes:
> > > Alcatel-Lucent OmniSwitch 6800 login broken
> ...
> > This patch did not remove weak DH groups. That happened in 7.0p1 back
> > in
On 08/08/16 11:36, Dag-Erling Smørgrav wrote:
Bruce Simpson writes:
Alcatel-Lucent OmniSwitch 6800 login broken
...
This patch did not remove weak DH groups. That happened in 7.0p1 back
in January.
So my reading of this is that PuTTY may be the best workaround for
Bruce Simpson writes:
> Alcatel-Lucent OmniSwitch 6800 login broken (pfSense 2.3.2 which
> accepted the upstream change, workaround no-go)
>
> [2.3.2-RELEASE][r...@gw.lab]/root: ssh -l admin
> -oKexAlgorithms=+diffie-hellman-group1-sha1 192.168.1.XXX
>
Andrey Chernov writes:
> You should address your complaints to original openssh author instead, it
> was his decision to get rid of weak algos. In my personal opinion, if
> your hardware is outdated, just drop it out. We can't turn our security
> team into compatibility team, by
On 08.08.2016 1:48, Xin Li wrote:
> Well, despite the fact that I have to admit that I get locked out from
> my own storage box too, however (even without wearing any hat) I am for
> the change and would blame myself for being lazy in adopting the change
> when the upstream have announced it
On 08.08.2016 0:28, Andrey Chernov wrote:
> On 08.08.2016 0:20, Warner Losh wrote:
>>
>>> On Aug 7, 2016, at 3:11 PM, Andrey Chernov wrote:
>>>
OTOH, FreeBSD has a documented deprecation process that says things will
continue working for a major release after being
On 8/7/16 14:20, Warner Losh wrote:
>
>> On Aug 7, 2016, at 3:11 PM, Andrey Chernov wrote:
>>
>>> OTOH, FreeBSD has a documented deprecation process that says things will
>>> continue working for a major release after being formally deprecated.
>>
>> FreeBSD 11 is not
On 08.08.2016 0:20, Warner Losh wrote:
>
>> On Aug 7, 2016, at 3:11 PM, Andrey Chernov wrote:
>>
>>> OTOH, FreeBSD has a documented deprecation process that says things will
>>> continue working for a major release after being formally deprecated.
>>
>> FreeBSD 11 is not
> On Aug 7, 2016, at 3:11 PM, Andrey Chernov wrote:
>
>> OTOH, FreeBSD has a documented deprecation process that says things will
>> continue working for a major release after being formally deprecated.
>
> FreeBSD 11 is not released yet (betas are not counted), stable-10
On 07.08.2016 22:56, Slawa Olhovchenkov wrote:
> On Sun, Aug 07, 2016 at 10:42:56PM +0300, Andrey Chernov wrote:
>
>> On 07.08.2016 22:10, Slawa Olhovchenkov wrote:
>>> On Sun, Aug 07, 2016 at 10:02:52PM +0300, Andrey Chernov wrote:
>>>
On 07.08.2016 21:52, Slawa Olhovchenkov wrote:
>>
On 2016-Aug-07 15:25:54 +0300, Andrey Chernov wrote:
>You should address your complaints to original openssh author instead, it
>was his decision to get rid of weak algos.
No. It's up to the person who imported the code into FreeBSD to understand
why the change was made and to
On Sun, Aug 07, 2016 at 10:42:56PM +0300, Andrey Chernov wrote:
> On 07.08.2016 22:10, Slawa Olhovchenkov wrote:
> > On Sun, Aug 07, 2016 at 10:02:52PM +0300, Andrey Chernov wrote:
> >
> >> On 07.08.2016 21:52, Slawa Olhovchenkov wrote:
> Why you still not
> send your opinion to the
On 07.08.2016 22:10, Slawa Olhovchenkov wrote:
> On Sun, Aug 07, 2016 at 10:02:52PM +0300, Andrey Chernov wrote:
>
>> On 07.08.2016 21:52, Slawa Olhovchenkov wrote:
Why you still not
send your opinion to the author?
>>>
>>> I am not sure about suitable response from author.
>>> May
On Sun, Aug 07, 2016 at 10:02:52PM +0300, Andrey Chernov wrote:
> On 07.08.2016 21:52, Slawa Olhovchenkov wrote:
> >> Why you still not
> >> send your opinion to the author?
> >>
> >
> > I am not sure about suitable response from author.
> > May be project [FreeBSD] choose some compromise.
>
>
On 07.08.2016 21:52, Slawa Olhovchenkov wrote:
>> Why you still not
>> send your opinion to the author?
>>
>
> I am not sure about suitable response from author.
> May be project [FreeBSD] choose some compromise.
IMHO blindly choosing some compromise without asking author's opinion
first will be
On Sun, Aug 07, 2016 at 09:34:51PM +0300, Andrey Chernov wrote:
> On 07.08.2016 21:23, Slawa Olhovchenkov wrote:
> > On Sun, Aug 07, 2016 at 09:06:37PM +0300, Andrey Chernov wrote:
> >
> >> On 07.08.2016 20:43, Andrey Chernov wrote:
> >>> On 07.08.2016 20:37, Slawa Olhovchenkov wrote:
> On
On 07.08.2016 21:23, Slawa Olhovchenkov wrote:
> On Sun, Aug 07, 2016 at 09:06:37PM +0300, Andrey Chernov wrote:
>
>> On 07.08.2016 20:43, Andrey Chernov wrote:
>>> On 07.08.2016 20:37, Slawa Olhovchenkov wrote:
On Sun, Aug 07, 2016 at 08:34:55PM +0300, Andrey Chernov wrote:
> On
On 07.08.2016 20:43, Andrey Chernov wrote:
> On 07.08.2016 20:37, Slawa Olhovchenkov wrote:
>> On Sun, Aug 07, 2016 at 08:34:55PM +0300, Andrey Chernov wrote:
>>
>>> On 07.08.2016 20:31, Andrey Chernov wrote:
On 07.08.2016 19:14, Bruce Simpson wrote:
> On 07/08/16 15:40, Warner Losh
On 07.08.2016 20:37, Slawa Olhovchenkov wrote:
> On Sun, Aug 07, 2016 at 08:34:55PM +0300, Andrey Chernov wrote:
>
>> On 07.08.2016 20:31, Andrey Chernov wrote:
>>> On 07.08.2016 19:14, Bruce Simpson wrote:
On 07/08/16 15:40, Warner Losh wrote:
> That’s a cop-out answer. We, as a
On 07.08.2016 20:31, Andrey Chernov wrote:
> On 07.08.2016 19:14, Bruce Simpson wrote:
>> On 07/08/16 15:40, Warner Losh wrote:
>>> That’s a cop-out answer. We, as a project, need to articulate to our
>>> users, whom we care about, why this rather obnoxious hit to usability
>>> was taken. The
On 07.08.2016 19:14, Bruce Simpson wrote:
> On 07/08/16 15:40, Warner Losh wrote:
>> That’s a cop-out answer. We, as a project, need to articulate to our
>> users, whom we care about, why this rather obnoxious hit to usability
>> was taken. The answer must be more complete than “We just disabled
On Sun, Aug 07, 2016 at 08:34:55PM +0300, Andrey Chernov wrote:
> On 07.08.2016 20:31, Andrey Chernov wrote:
> > On 07.08.2016 19:14, Bruce Simpson wrote:
> >> On 07/08/16 15:40, Warner Losh wrote:
> >>> That’s a cop-out answer. We, as a project, need to articulate to our
> >>> users, whom we
On 07/08/16 18:34, Andrey Chernov wrote:
Alcatel-Lucent OmniSwitch 6800 login broken (pfSense 2.3.2 which
accepted the upstream change, workaround no-go)
[2.3.2-RELEASE][r...@gw.lab]/root: ssh -l admin
-oKexAlgorithms=+diffie-hellman-group1-sha1 192.168.1.XXX
Fssh_ssh_dispatch_run_fatal:
On 07.08.2016 20:31, Andrey Chernov wrote:
> On 07.08.2016 19:14, Bruce Simpson wrote:
>> On 07/08/16 15:40, Warner Losh wrote:
>>> That’s a cop-out answer. We, as a project, need to articulate to our
>>> users, whom we care about, why this rather obnoxious hit to usability
>>> was taken. The
On 07/08/16 15:40, Warner Losh wrote:
That’s a cop-out answer. We, as a project, need to articulate to our
users, whom we care about, why this rather obnoxious hit to usability
was taken. The answer must be more complete than “We just disabled
it because upstream disabled it for reasons we’re
On 07.08.2016 17:40, Warner Losh wrote:
>
>> On Aug 7, 2016, at 7:21 AM, Andrey Chernov wrote:
>>>
We can't turn our security
team into compatibility team, by constantly restoring removed code, such
code quickly becomes outdated and may add new security holes
> On Aug 7, 2016, at 7:21 AM, Andrey Chernov wrote:
>>
>>> We can't turn our security
>>> team into compatibility team, by constantly restoring removed code, such
>>> code quickly becomes outdated and may add new security holes even being
>>> inactive.
>>
>> What is security
On 07.08.2016 15:52, Slawa Olhovchenkov wrote:
>> You should address your complaints to original openssh author instead, it
>> was his decision to get rid of weak algos. In my personal opinion, if
>> your hardware is outdated, just drop it out.
>
> Hardware outdated by outdated main function, not
On Sun, Aug 07, 2016 at 03:25:54PM +0300, Andrey Chernov wrote:
> On 07.08.2016 14:59, Bruce Simpson wrote:
> > On 07/08/16 12:43, Oliver Pinter wrote:
> >>> I was able to override this (somewhat unilateral, to my mind)
> >>> deprecation of the DH key exchange by using this option:
> >>>
2016-08-07 14:25 GMT+02:00 Andrey Chernov :
> You should address your complaints to original openssh author instead, it
> was his decision to get rid of weak algos. In my personal opinion, if
> your hardware is outdated, just drop it out. We can't turn our security
> team into
On 07.08.2016 14:59, Bruce Simpson wrote:
> On 07/08/16 12:43, Oliver Pinter wrote:
>>> I was able to override this (somewhat unilateral, to my mind)
>>> deprecation of the DH key exchange by using this option:
>>> -oKexAlgorithms=+diffie-hellman-group1-sha1
>>
>> You can add this option to
On 07/08/16 12:43, Oliver Pinter wrote:
I was able to override this (somewhat unilateral, to my mind)
deprecation of the DH key exchange by using this option:
-oKexAlgorithms=+diffie-hellman-group1-sha1
You can add this option to /etc/ssh/ssh.conf or ~/.ssh/config too.
Can this at least be
On 8/7/16, Bruce Simpson wrote:
> On 07/08/16 11:58, Bruce Simpson wrote:
>> Is there a way to revert this change, at least on an ongoing operational
>> basis (e.g. configuration file) for those of us who use FreeBSD to
>> connect directly to such devices?
>
> I was able to
On 07/08/16 11:58, Bruce Simpson wrote:
Is there a way to revert this change, at least on an ongoing operational
basis (e.g. configuration file) for those of us who use FreeBSD to
connect directly to such devices?
I was able to override this (somewhat unilateral, to my mind)
deprecation of
DES,
I believe this breaks logging into various embedded network devices,
unfortunately. E.g. the Netonix WISP Switch, which uses an embedded
Linux variant with dropbear 0.51. It is expecting to use DSA not RSA for
the key exchange.
Is there a way to revert this change, at least on an
On Wed, Aug 03, 2016 at 04:08:22PM +, Dag-Erling Smørgrav wrote:
> Author: des
> Date: Wed Aug 3 16:08:21 2016
> New Revision: 303716
> URL: https://svnweb.freebsd.org/changeset/base/303716
>
> Log:
> Remove DSA from default cipher list and disable SSH1.
>
> Upstream did this a long
Benjamin Kaduk writes:
> Which branch(es) are MFC targets?
It will be merged to stable/11 before the release and documented in the
release notes.
> (Does POLA no longer apply to them?)
Things change over time. Such is the nature of software (and of life).
POLA does not mean
On Wed, Aug 3, 2016 at 11:08 AM, Dag-Erling Smørgrav
wrote:
> Author: des
> Date: Wed Aug 3 16:08:21 2016
> New Revision: 303716
> URL: https://svnweb.freebsd.org/changeset/base/303716
>
> Log:
> Remove DSA from default cipher list and disable SSH1.
>
> Upstream did this a