Re-add AES-CBC ciphers to the default cipher list on the server.

PR: 207679
author: des <des@FreeBSD.org> 2016-03-11 00:23:10 +0000
committer: des <des@FreeBSD.org> 2016-03-11 00:23:10 +0000
commit: ba453f42f3c1044974096e29cb9098cb78db20e5 (patch)
tree: 98f72e25491cb0731e1b80367228fc8b1ab82ea8 /crypto/openssh/FREEBSD-upgrade
parent: bb6f58c772c321121b8148fe7726de90f90e1dec (diff)
download: FreeBSD-src-ba453f42f3c1044974096e29cb9098cb78db20e5.zip
FreeBSD-src-ba453f42f3c1044974096e29cb9098cb78db20e5.tar.gz
1 files changed, 7 insertions, 1 deletions
diff --git a/crypto/openssh/FREEBSD-upgrade b/crypto/openssh/FREEBSD-upgrade
index 7acd51f..43e2a74 100644
--- a/crypto/openssh/FREEBSD-upgrade
+++ b/crypto/openssh/FREEBSD-upgrade
@@ -1,4 +1,3 @@
-
 	    FreeBSD maintainer's guide to OpenSSH-portable
 	    ==============================================
 
@@ -166,6 +165,13 @@
    ignore HPN-related configuration options to avoid breaking existing
    configurations.
 
+A) AES-CBC
+
+   The AES-CBC ciphers were removed from the server-side proposal list
+   in 6.7p1 due to theoretical weaknesses and the availability of
+   superior ciphers (including AES-CTR and AES-GCM).  We have re-added
+   them for compatibility with third-party clients.
+
 
 
 This port was brought to you by (in no particular order) DARPA, NAI
author	des <des@FreeBSD.org>	2016-03-11 00:23:10 +0000
committer	des <des@FreeBSD.org>	2016-03-11 00:23:10 +0000
commit	ba453f42f3c1044974096e29cb9098cb78db20e5 (patch)
tree	98f72e25491cb0731e1b80367228fc8b1ab82ea8 /crypto/openssh/FREEBSD-upgrade
parent	bb6f58c772c321121b8148fe7726de90f90e1dec (diff)
download	FreeBSD-src-ba453f42f3c1044974096e29cb9098cb78db20e5.zip FreeBSD-src-ba453f42f3c1044974096e29cb9098cb78db20e5.tar.gz