--On Tuesday, January 27, 2009 10:51:59 PM +0100 Jan Pechanec <Jan.Pechanec at Sun.COM> wrote:
> hi Jeff, we still go with the solution of removing the CBC modes
> from the default server side list. That's the only way to force the
> client to choose something else in case that the CBC mode was the first
> in the list (OpenSSH, for example).

Unfortunately, this is true. Note that in OpenSSH, the order of the client's list is configurable. It's too bad that the default lists the available ciphers in pretty much exactly the opposite of the order in which they should be listed.

> however, we keep all modes on the client side for backward
> compatibility. That's where we saw all the real problems, not on the
> server side.

Interesting. We only saw one case where people had problems due to a client with the new configuration trying to talk to a server that only supported CBC mode ciphers. We saw many more problems due to servers picking up the new configuration and becoming inaccessible to people with clients supporting only CBC-mode ciphers. Unfortunately, it's not always realistic to tell those people to upgrade their clients; there are a _lot_ of clients which don't support other ciphers in any version, and a lot of situations in which switching to a different client isn't feasible.

-- Jeff
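A small simulation of the SSH cipher negotiation rule (RFC 4253, section 7.1) that shows both points made in the exchange above: why only the server-side list can keep a CBC-first client off CBC, and why a server without CBC locks out a CBC-only client. This is an added example, not code from the thread or from OpenSSH; the cipher lists are constructed samples, not any real default.

```python
# Added example: simulates SSH cipher negotiation (RFC 4253 s7.1) to show the
# effect of the server-side and client-side cipher lists discussed above.
# Every cipher list here is a constructed sample, not a real OpenSSH default.


def is_cbc(cipher):
    """True for CBC-mode names; the local part before any '@domain' is checked."""
    return cipher.split("@")[0].endswith("-cbc")


def negotiate(client_list, server_list):
    """RFC 4253 s7.1: the first entry in the client's list that the server also
    offers is chosen. None means no common cipher, i.e. the connection fails."""
    offered = set(server_list)
    for cipher in client_list:
        if cipher in offered:
            return cipher
    return None


def drop_cbc(cipher_list):
    """Server-side mitigation from the thread: remove every CBC mode."""
    return [c for c in cipher_list if not is_cbc(c)]


def cbc_last(cipher_list):
    """Client-side alternative: keep CBC for compatibility but move it to the
    end, so a non-CBC mode is preferred whenever the server offers one."""
    return [c for c in cipher_list if not is_cbc(c)] + [c for c in cipher_list if is_cbc(c)]


# Constructed sample lists (CBC first, as the thread says the old default did).
CLIENT_CBC_FIRST = ["aes128-cbc", "3des-cbc", "aes128-ctr", "aes256-ctr"]
CLIENT_CBC_ONLY = ["aes128-cbc", "3des-cbc"]          # old client, CBC only
SERVER_DEFAULT = ["aes128-cbc", "3des-cbc", "aes128-ctr", "aes256-ctr"]

if __name__ == "__main__":
    hardened = drop_cbc(SERVER_DEFAULT)
    print("CBC-first client, default server :", negotiate(CLIENT_CBC_FIRST, SERVER_DEFAULT))
    print("CBC-first client, server w/o CBC :", negotiate(CLIENT_CBC_FIRST, hardened))
    print("CBC-only client,  server w/o CBC :", negotiate(CLIENT_CBC_ONLY, hardened))
    print("reordered client, default server :", negotiate(cbc_last(CLIENT_CBC_FIRST), SERVER_DEFAULT))
```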