2334 – Warn when weak Ciphers are used

Bug 2334 - Warn when weak Ciphers are used

Summary: Warn when weak Ciphers are used

Status:	CLOSED WORKSFORME

Alias:	None

Product:	Portable OpenSSH
Classification:	Unclassified
Component:	ssh (show other bugs)
Version:	6.7p1
Hardware:	Other Linux

Importance:	P5 enhancement
Assignee:	Assigned to nobody

URL:
Keywords:

Depends on:
Blocks:

Reported:	2015-01-08 20:37 AEDT by thorsten.sick
Modified:	2021-04-23 15:10 AEST (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description thorsten.sick 2015-01-08 20:37:41 AEDT

Warn the user when the SSH client or server are using weak ciphers. 

This can be done by default, when using -v or on a specific test-security parameter.

Client and Server settings should be tested.

According to

https://stribika.github.io/2015/01/04/secure-secure-shell.html

Many ciphers (but not all) are either weak or broken. By having an automatic test in the tools we can improve the settings of the currently used servers and clients. That would improve the average security level in a simple anbd efficient way.

Comment 1 Damien Miller 2015-10-06 11:31:23 AEDT

Our policy is to remove weak ciphers from the configuration. Users need to take explicit action to enable them, and I don't think adding a warning on top of offers the right benefit:hassle ratio.

Comment 2 Damien Miller 2021-04-23 15:10:41 AEST

closing resolved bugs as of 8.6p1 release

Comment 3 Damien Miller 2021-04-23 15:10:43 AEST

closing resolved bugs as of 8.6p1 release