From owner-svn-src-all@freebsd.org Fri Jan 22 22:00:44 2016 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id DB976A8D9A0; Fri, 22 Jan 2016 22:00:44 +0000 (UTC) (envelope-from bdrewery@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id C4C211EDB; Fri, 22 Jan 2016 22:00:44 +0000 (UTC) (envelope-from bdrewery@FreeBSD.org) Received: from mail.xzibition.com (localhost [IPv6:::1]) by freefall.freebsd.org (Postfix) with ESMTP id BE6071B27; Fri, 22 Jan 2016 22:00:44 +0000 (UTC) (envelope-from bdrewery@FreeBSD.org) Received: from mail.xzibition.com (localhost [172.31.3.2]) by mail.xzibition.com (Postfix) with ESMTP id 6739A1748A; Fri, 22 Jan 2016 22:00:44 +0000 (UTC) X-Virus-Scanned: amavisd-new at mail.xzibition.com Received: from mail.xzibition.com ([172.31.3.2]) by mail.xzibition.com (mail.xzibition.com [172.31.3.2]) (amavisd-new, port 10026) with LMTP id 9ewuftauSvJ6; Fri, 22 Jan 2016 22:00:37 +0000 (UTC) Subject: Re: svn commit: r294495 - in head: . crypto/openssh DKIM-Filter: OpenDKIM Filter v2.9.2 mail.xzibition.com 5C09717485 To: =?UTF-8?Q?Dag-Erling_Sm=c3=b8rgrav?= References: <201601211110.u0LBAEI1081858@repo.freebsd.org> <86r3hauf88.fsf@desk.des.no> <56A2A27A.2020801@FreeBSD.org> <868u3he0rj.fsf@desk.des.no> Cc: Conrad Meyer , src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org From: Bryan Drewery Openpgp: id=F9173CB2C3AAEA7A5C8A1F0935D771BB6E4697CF; url=http://www.shatow.net/bryan/bryan2.asc Organization: FreeBSD Message-ID: <56A2A68B.70900@FreeBSD.org> Date: Fri, 22 Jan 2016 14:00:43 -0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.5.1 MIME-Version: 1.0 In-Reply-To: <868u3he0rj.fsf@desk.des.no> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="bGVrLOahvgrOn8EnUupSsxSujDus58j3s" X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Jan 2016 22:00:45 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --bGVrLOahvgrOn8EnUupSsxSujDus58j3s Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 1/22/2016 1:56 PM, Dag-Erling Sm=C3=B8rgrav wrote: > Bryan Drewery writes: >> I've used these in sshd_config and ssh_config to restore some removed >> functionality: >> >> Ciphers +blowfish-cbc,arcfour,aes128-cbc,3des-cbc >> KexAlgorithms +diffie-hellman-group1-sha1 >=20 > Do you actually need these? Do you know of any clients or servers whic= h > do not support any of the other ciphers and key exchange algorithms > which OpenSSH offers? >=20 >> PubkeyAcceptedKeyTypes +ssh-dss,ssh-dss-cert-v01@openssh.com >> HostkeyAlgorithms +ssh-dss,ssh-dss-cert-v01@openssh.com >=20 > These are already enabled. >=20 Right. I was suggesting an alternative method to modifying these upstream files and providing deprecated and potentially insecure functionality by default. --=20 Regards, Bryan Drewery --bGVrLOahvgrOn8EnUupSsxSujDus58j3s Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBAgAGBQJWoqaLAAoJEDXXcbtuRpfPnkEH/iiYHwsg9rBO1t2d1no984Hu um0te/73HAmu33oCwEnbRLodqjuKu1h9i2kcP8p33FkW9bpNefPHLQdBYeYEnNgS e61HrGmW3m4I4Mhx8dFofIwdZ0JOQcPhaPLovkxxx6DeoiLT9Rkq5z29JXlX8IxO 2qfmodcqOkJBKQPM16wAABeu3lm6cfw8IQ9NpgoarLT4QbQ8Kb9iFZjvOWKZ8C94 v2ZR1SIjbrkyByXflYrvpRTg0Ry5FYti0xuvZ/AfjF2BmzBOIRyESAOF953wUJZ+ aiYdLevIIrrdAG9fM8yQASrJbsIhQjSfi35atn1C8UqAlcsgpl+vZLeMeOUEmHk= =PUyO -----END PGP SIGNATURE----- --bGVrLOahvgrOn8EnUupSsxSujDus58j3s--