openssh bugs - Jan 2017 - [Bug 2671] New: make possible to remove default ciphers/kexalgorithms/mac algorithms

https://bugzilla.mindrot.org/show_bug.cgi?id=2671

            Bug ID: 2671
           Summary: make possible to remove default
                    ciphers/kexalgorithms/mac algorithms
           Product: Portable OpenSSH
           Version: 7.4p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: cristian.ionescu-idbohrn at axis.com

Would it be possible to add the option of adding a '-' character prefix
(in the same manner as appending algorithms currently works:
"if the specified value begins with a '+' character, then the
specified
algorithms will be appended to the default set instead of replacing
them.") in order to remove default algorithms?

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2671

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org
           Assignee|unassigned-bugs at mindrot.org |djm at mindrot.org
             Status|NEW                         |ASSIGNED

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
Created attachment 2939
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2939&action=edit
Support =- syntax for algorithms

This isn't particularly hard to do, but it requires a little
refactoring.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2671

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |2647
             Status|ASSIGNED                    |RESOLVED
         Resolution|---                         |FIXED

--- Comment #2 from Damien Miller <djm at mindrot.org> ---
applied in:

commit 68bc8cfa7642d3ccbf2cd64281c16b8b9205be59
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Fri Feb 3 23:01:19 2017 +0000

    upstream commit

    support =- for removing methods from algorithms lists,
    e.g. Ciphers=-*cbc; suggested by Cristian Ionescu-Idbohrn in
bz#2671 "I like
    it" markus@

    Upstream-ID: c78c38f9f81a963b33d0eade559f6048add24a6d


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2647
[Bug 2647] Tracking bug for OpenSSH 7.5 release
-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2671

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #3 from Damien Miller <djm at mindrot.org> ---
closing resolved bugs as of 8.6p1 release

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.