CVSROOT:        /cvs
Module name:    src
Changes by:     d...@cvs.openbsd.org    2016/09/05 08:02:42

Modified files:
        usr.bin/ssh    : myproposal.h ssh_config.5 

Log message:
remove 3des-cbc from the client's default proposal; 64-bit block ciphers
are not safe in 2016 and we don't want to wait until attacks like sweet32
are extended to SSH.

As 3des-cbc was the only mandatory cipher in the SSH RFCs, this may
cause problems connecting to older devices using the defaults, but
it's highly likely that such devices already need explicit
configuration for KEX and hostkeys anyway.

ok deraadt, markus, dtucker
