On Thu, 26 Feb 2009, Smith, Steven G (Steven) wrote:
> Hi,
>
> I am trying to confirm that openssh transmissions do not use any kind
> of SSLv2 ciphers. I have glanced through the code briefly, and I did
> not find any indication that any openssl ciphers are even being used
> (it appears that openssl is used primarily for RSA key generation
> and select other things). So openssh uses its own built-in ciphers
> instead, right?
OpenSSH can use some of the same ciphers as SSLv2, and these ciphers
come from OpenSSL's libcrypto library but they are used somewhat
differently to SSL. Indeed, OpenSSL's actual SSL/TLS library (libssl) is
separate to its crypto library.
-d