From 34a2f67d190b0aebb57e8fc44ba9a925ee1d1778 Mon Sep 17 00:00:00 2001 From: emaste Date: Tue, 28 Jul 2020 00:24:12 +0000 Subject: [PATCH] ssh: Remove AES-CBC ciphers from default server and client lists A base system OpenSSH update in 2016 or so removed a number of ciphers from the default lists offered by the server/client, due to known weaknesses. This caused POLA issues for some users and prompted PR207679; the ciphers were restored to the default lists in r296634. When upstream removed these ciphers from the default server list, they moved them to the client-only default list. They were subsequently removed from the client default, in OpenSSH 7.9p1. The change has persisted long enough. Remove these extra ciphers from both the server and client default lists, in advance of FreeBSD 13. Reviewed by: markm, rgrimes Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D25833 --- crypto/openssh/FREEBSD-upgrade | 7 ------- crypto/openssh/myproposal.h | 4 +--- crypto/openssh/sshd_config.5 | 3 +-- 3 files changed, 2 insertions(+), 12 deletions(-) diff --git a/crypto/openssh/FREEBSD-upgrade b/crypto/openssh/FREEBSD-upgrade index 6dcfae91fb1..27e738bee2d 100644 --- a/crypto/openssh/FREEBSD-upgrade +++ b/crypto/openssh/FREEBSD-upgrade @@ -168,13 +168,6 @@ ignore HPN-related configuration options to avoid breaking existing configurations. -9) AES-CBC - - The AES-CBC ciphers were removed from the server-side proposal list - in 6.7p1 due to theoretical weaknesses and the availability of - superior ciphers (including AES-CTR and AES-GCM). We have re-added - them for compatibility with third-party clients. - This port was brought to you by (in no particular order) DARPA, NAI diff --git a/crypto/openssh/myproposal.h b/crypto/openssh/myproposal.h index d5a1b7a2fa2..27b4a15a127 100644 --- a/crypto/openssh/myproposal.h +++ b/crypto/openssh/myproposal.h @@ -1,5 +1,4 @@ /* $OpenBSD: myproposal.h,v 1.57 2018/09/12 01:34:02 djm Exp $ */ -/* $FreeBSD$ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -122,8 +121,7 @@ #define KEX_SERVER_ENCRYPT \ "chacha20-poly1305@openssh.com," \ "aes128-ctr,aes192-ctr,aes256-ctr" \ - AESGCM_CIPHER_MODES \ - ",aes128-cbc,aes192-cbc,aes256-cbc" + AESGCM_CIPHER_MODES #define KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT diff --git a/crypto/openssh/sshd_config.5 b/crypto/openssh/sshd_config.5 index 8176078319d..3f935da9b57 100644 --- a/crypto/openssh/sshd_config.5 +++ b/crypto/openssh/sshd_config.5 @@ -495,8 +495,7 @@ The default is: .Bd -literal -offset indent chacha20-poly1305@openssh.com, aes128-ctr,aes192-ctr,aes256-ctr, -aes128-gcm@openssh.com,aes256-gcm@openssh.com, -aes128-cbc,aes192-cbc,aes256-cbc +aes128-gcm@openssh.com,aes256-gcm@openssh.com .Ed .Pp The list of available ciphers may also be obtained using -- 2.45.0