--On Wednesday, January 28, 2009 11:50:49 AM +0100 Jan Pechanec 
<Jan.Pechanec at Sun.COM> wrote:

> On Tue, 27 Jan 2009, Nicolas Williams wrote:
>
>> On Tue, Jan 27, 2009 at 11:31:07PM +0100, Jan Pechanec wrote:
>>>     could you give me an example? All clients I checked had AES-CTR or
>>> arcfour support. I'm sure there are some but I don't believe they would
>>> be  widely used. The problem for us was that S9 machines were shipped
>>> with  explicit Ciphers setting which didn't contain AES-CTR nor
>>> arcfour, not that  the server itself wouldn't support them as such.
>>
>> I sent you a list of all the clients I looked at, and many had only CBC
>> mode ciphers, though all such clients were marginal clients (e.g., Ruby
>> Net:SSH has only CBC mode ciphers, but Perl Net:SSH has arcfour, the
>> palm ssh client has only CBC mode ciphers, ...).
>
>       I found the email and it seems to me that only pssh and
> Ruby's Net:SSH were mentioned as not capable of AES-CTR nor arcfour.
>
>       I checked again quite a few clients today, including those in
> Dropbear, TeraTerm, AbsoluteTelnet, putty, libssh2, lsh, cURL, Tectia,
> VanDyke - all support either AES-CTR or arcfour (or both).
>
>       there are some implementations that are commercial with no info on
> cipher modes availabe, PenguinNet, for example.
>
>       I'm wondering what were those clients that Jeff hit when trying to
> convert to CTR modes.

One was pssh, for which I still have no updated version.  We also had 
problems with older versions of putty and xwin32, but I believe both of 
those were fixed by upgrading.  I don't know whether other clients were 
affected; I didn't handle most of the reports directly.

I do know we had problems with the servers in some cisco equipemnt not 
supporting ctr modes.  I imagine their client has the same problem, unless 
it has been fixed in a newer version.

-- Jeff


Reply via email to