openssh unix dev - Feb 2009 - openssh and SSLv2 ciphers

Hi,

I am trying to confirm that openssh transmissions do not use any kind of
SSLv2 ciphers.  I have glanced through the code briefly, and I did not
find any indication that any openssl ciphers are even being used (it
appears that openssl is used primarily for RSA key generation and select
other things).  So openssh uses its own built-in ciphers instead, right?

Thanks for the assistance,
Steven

Smith, Steven G (Steven) wrote:
> I am trying to confirm that openssh transmissions do not use any
> kind of SSLv2 ciphers.
Please see the Ciphers keyword in ssh_config(5) and sshd_config(5).


//Peter

On Thu, 26 Feb 2009, Smith, Steven G (Steven) wrote:
> Hi,
>
> I am trying to confirm that openssh transmissions do not use any kind
> of SSLv2 ciphers. I have glanced through the code briefly, and I did
> not find any indication that any openssl ciphers are even being used
> (it appears that openssl is used primarily for RSA key generation
> and select other things). So openssh uses its own built-in ciphers
> instead, right?
OpenSSH can use some of the same ciphers as SSLv2, and these ciphers
come from OpenSSL's libcrypto library but they are used somewhat
differently to SSL. Indeed, OpenSSL's actual SSL/TLS library (libssl) is
separate to its crypto library.

-d