bugzilla-daemon at bugzilla.mindrot.org
2017-Jan-29 15:48 UTC
[Bug 2671] New: make possible to remove default ciphers/kexalgorithms/mac algorithms
https://bugzilla.mindrot.org/show_bug.cgi?id=2671
Bug ID: 2671
Summary: make possible to remove default
ciphers/kexalgorithms/mac algorithms
Product: Portable OpenSSH
Version: 7.4p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: cristian.ionescu-idbohrn at axis.com
Would it be possible to add the option of adding a '-' character prefix
(in the same manner as appending algorithms currently works:
"if the specified value begins with a '+' character, then the
specified
algorithms will be appended to the default set instead of replacing
them.") in order to remove default algorithms?
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2017-Feb-03 07:00 UTC
[Bug 2671] make possible to remove default ciphers/kexalgorithms/mac algorithms
https://bugzilla.mindrot.org/show_bug.cgi?id=2671
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djm at mindrot.org
Assignee|unassigned-bugs at mindrot.org |djm at mindrot.org
Status|NEW |ASSIGNED
--- Comment #1 from Damien Miller <djm at mindrot.org> ---
Created attachment 2939
--> https://bugzilla.mindrot.org/attachment.cgi?id=2939&action=edit
Support =- syntax for algorithms
This isn't particularly hard to do, but it requires a little
refactoring.
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2017-Feb-03 23:16 UTC
[Bug 2671] make possible to remove default ciphers/kexalgorithms/mac algorithms
https://bugzilla.mindrot.org/show_bug.cgi?id=2671
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |2647
Status|ASSIGNED |RESOLVED
Resolution|--- |FIXED
--- Comment #2 from Damien Miller <djm at mindrot.org> ---
applied in:
commit 68bc8cfa7642d3ccbf2cd64281c16b8b9205be59
Author: djm at openbsd.org <djm at openbsd.org>
Date: Fri Feb 3 23:01:19 2017 +0000
upstream commit
support =- for removing methods from algorithms lists,
e.g. Ciphers=-*cbc; suggested by Cristian Ionescu-Idbohrn in
bz#2671 "I like
it" markus@
Upstream-ID: c78c38f9f81a963b33d0eade559f6048add24a6d
Referenced Bugs:
https://bugzilla.mindrot.org/show_bug.cgi?id=2647
[Bug 2647] Tracking bug for OpenSSH 7.5 release
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2021-Apr-23 05:03 UTC
[Bug 2671] make possible to remove default ciphers/kexalgorithms/mac algorithms
https://bugzilla.mindrot.org/show_bug.cgi?id=2671
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #3 from Damien Miller <djm at mindrot.org> ---
closing resolved bugs as of 8.6p1 release
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
Maybe Matching Threads
- playing around with removing algos
- playing around with removing algos
- [Bug 2715] New: for more flexibility, please support a comma ',' separated list of patterns to add to/remove from the defaults
- (rfc) too many keys, usecase?
- Patch: Ciphers, MACs and KexAlgorithms on Match