From owner-freebsd-security@freebsd.org Sat Jan 23 01:59:00 2016 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id BCA98A8DA06; Sat, 23 Jan 2016 01:59:00 +0000 (UTC) (envelope-from julian@freebsd.org) Received: from vps1.elischer.org (vps1.elischer.org [204.109.63.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "vps1.elischer.org", Issuer "CA Cert Signing Authority" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 92DA81D93; Sat, 23 Jan 2016 01:59:00 +0000 (UTC) (envelope-from julian@freebsd.org) Received: from Julian-MBP3.local (ppp121-45-229-231.lns20.per1.internode.on.net [121.45.229.231]) (authenticated bits=0) by vps1.elischer.org (8.15.2/8.15.2) with ESMTPSA id u0N1wn9J071906 (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Fri, 22 Jan 2016 17:58:52 -0800 (PST) (envelope-from julian@freebsd.org) Subject: Re: HPN and None options in OpenSSH To: =?UTF-8?Q?Dag-Erling_Sm=c3=b8rgrav?= , freebsd-current@freebsd.org, freebsd-stable@freebsd.org, freebsd-security@freebsd.org References: <86mvrxvg79.fsf@desk.des.no> From: Julian Elischer Message-ID: <56A2DE54.6070603@freebsd.org> Date: Sat, 23 Jan 2016 09:58:44 +0800 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:38.0) Gecko/20100101 Thunderbird/38.5.1 MIME-Version: 1.0 In-Reply-To: <86mvrxvg79.fsf@desk.des.no> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 23 Jan 2016 01:59:00 -0000 On 22/01/2016 10:31 PM, Dag-Erling Smørgrav wrote: > The HPN and None cipher patches have been removed from FreeBSD-CURRENT. > I intend to remove them from FreeBSD-STABLE this weekend. > > The HPN patches were of limited usefulness and required a great deal of > effort to maintain in our tree. The None cipher patch was less onerous, > but it was a terrible idea with a very small user base since it was a > compile-time option and off by default. > > The HPN-related configuration variables have been marked deprecated, > while those related to the None cipher have been marked unsupported. > This means that the former will be accepted with a warning, whereas the > latter will result in an error. > > Most users will not be affected by this change. Those who are should > switch to the openssh-portable port, which still offers both patches, > with HPN enabled by default. > > It is expected that FreeBSD 10.3 will ship with OpenSSH 7.1p2, with a > number of modifications intended to reduce the impact of upstream > changes on existing systems. what is the internal window size in the new ssh? > > DES