similar to: No subject

> On Thu, 6 Apr 2006, Miller, Damien wrote: > > > > > Does OpenSSH 4.3 support the use of the TLS ciphersuites that are > > supported in OpenSSL? > > If so, is this a compile time option or a run-time option? > Or can sshd > > support both the SSL and TLS ciphersuites at the same time? > > OpenSSH doesn't use SSL or TLS - the SSH protocol

I've installed grep PRETTY /etc/os-release PRETTY_NAME="Fedora 32 (Server Edition)" dovecot --version 2.3.10.1 (a3d0e1171) openssl version OpenSSL 1.1.1g FIPS 21 Apr 2020 iiuc, Dovecot has apparently had support for setting TLS 1.3 ciphersuites since v2.3.9, per this commit lib-ssl-iostream: Support TLSv1.3 ciphersuites

Does OpenSSH 4.3 support the use of the TLS ciphersuites that are supported in OpenSSL 0.9.8? If so, is this a compile time option or a run-time option? Or can ssh and sshd support both the SSL and TLS ciphersuites at the same time? Jim Humphreys

I've dovecot --version 2.3.10.1 (a3d0e1171) openssl version OpenSSL 1.1.1g FIPS 21 Apr 2020 , atm on Fedora32. I configure /etc/pki/tls/openssl.cnf to set preferences for apps' usage, e.g. Postfix etc; Typically, here cat /etc/pki/tls/openssl.cnf openssl_conf = default_conf [default_conf] ssl_conf = ssl_sect [ssl_sect] system_default = system_default_sect

Why are legacy MACs (like md5-96), and legacy Ciphers (anything in cbc-mode, arcfour*(?)) enabled by default? My proposal would be to change the defaults for ssh_config and sshd_config to contain: MACs hmac-sha2-256,hmac-sha2-512,hmac-sha1 Ciphers aes128-ctr,aes192-ctr,aes256-ctr ...removing md5, truncated versions of sha1, umac64 (for which I can find barely any review), any cipher in cbc

Hi, In a recent security review some systems I manage were flagged due to supporting "weak" ciphers, specifically the ones listed below. So first question is are people generally modifying the list of ciphers supported by the ssh client and sshd? On CentOS 6 currently it looks like if I remove all the ciphers they are concerned about then I am left with Ciphers

Hello there. The FreeBSD-SA-04:05.openssl Security Advisory announced a "null-pointer assignment during SSL handshake" DoS vulnerability. However, the OpenSSH Security Advisory of 17 March 2004 announced the same vulnerability with one more vulnerability. Look at http://www.openssl.org/news/secadv_20040317.txt Isn't FreeBSD vulnerable to the second "Out-of-bounds read affects

Am 19.10.2016 um 00:58 schrieb Gordon Messmer <gordon.messmer at gmail.com>: > On 10/18/2016 03:28 PM, Clint Dilks wrote: >> So first >> question is are people generally modifying the list of ciphers supported by >> the ssh client and sshd? > > I suspect that "generally" people are not. I do, because I can, and so that I can offer at least some advice

https://bugzilla.mindrot.org/show_bug.cgi?id=1801 Summary: cipher_spec section of ssh man page needs update Product: Portable OpenSSH Version: 5.5p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Documentation AssignedTo: unassigned-bugs at mindrot.org

Hi, I'm having a problem when I add "HostKeyAlgorithms +ssh-dss" to the ssh_config file the host key will always negotiate to a wrong one. In my case it will negotiate to "ecdsa-sha2-nistp256". The client was already configured with the servers rsa public key, before the change I added to the ssh_config file I could see from the debug that server and client will negotiate

On 2020-02-06 at 13:28 +1100, Darren Tucker wrote: > Like this. > --- a/sshd_config.5 > +++ b/sshd_config.5 The ssh_config.5 also has a copy of this and presumably needs the same change, unless I've misunderstood. -Phil

OK, I updated the text to LangRef in r209507 after some editing. On 05/11/2014 12:36 PM, Pekka Jääskeläinen wrote: > Hi, > > This looks good to me except that the first sentence > could already include "that refer to the same loop" or > similar. > > I could imagine that e.g. loop invariant code motion, > if applied to a parallel loop could hoist code out of >

More precisely, for a simd loop, if the safelen(VL) clause is specified, there should have no loop-carried lexical backward data dependency within the specified safe vector length VL. We will make this clear in the OpenMP 4.1 spec. Xinmin Tian (Intel) -----Original Message----- From: llvmdev-bounces at cs.uiuc.edu [mailto:llvmdev-bounces at cs.uiuc.edu] On Behalf Of Hal Finkel Sent:

Will do. I will write something up. Hal, your concern below isn't so much with the proposed semantics but rather with the use - that optimizations must respect the loop for which the metadata applies, correct? Thanks Jon -----Original Message----- From: Hal Finkel [mailto:hfinkel at anl.gov] Sent: Monday, May 05, 2014 4:00 AM To: Tobias Grosser Cc: Pekka Jääskeläinen; Humphreys, Jonathan;

I propose that we change the first paragraph of http://llvm.org/docs/LangRef.html#llvm-mem-parallel-loop-access-metadata: --- For a loop to be parallel, in addition to using the llvm.loop metadata to mark the loop latch branch instruction, also all of the memory accessing instructions in the loop body need to be marked with the llvm.mem.parallel_loop_access metadata. If there is at least one

Once upon a time, Erik Laxdal <elaxdal at ece.uvic.ca> said: > The supported KexAlgorithms, Ciphers, and MACs are generally listed > in the sshd_config man page. So 'man sshd_config' then look for the > section of the item of interest. Note that the man page does not always match the actual compiled binary (the build process does not update the man page to match

Yes, I think the 2 outcomes are: - the current spec is unclear and will be clarified - in order to support safelen() and even the simd construct itself, LLVM will require infrastructure work to know when a lexically backwards dependence may have been introduced. Jon -----Original Message----- From: Tian, Xinmin [mailto:xinmin.tian at intel.com] Sent: Monday, September 29, 2014 10:43 AM To:

It's a problem in the OpenMP specification. The authors (including some from Intel) intended that the OpenMP simd construct assert no lexically backward dependences exist, but as you say, it's not obvious from the spec. One of our OpenMP community members is going to bring up the ambiguity with the OpenMP committee. - Arch -----Original Message----- From: Humphreys, Jonathan

Hello. I am running OpenSSH 7.9p1 on my client and server. ssh-keyscan shows the server has ssh-rsa, ssh-ed25519, and ecdsa-sha2-nistp256 host keys. My /etc/ssh/ssh_known_hosts file contains the server's ssh-ed25519 host key. When I try to SSH to the server I get this error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!

>> I have an operational need to disable TLSv1.3 due to inadequate support to exclude certain ciphers. > > There is no need to disable TLSv1.3 and attempts to do so will be flagged as ?downgrade attacks?. Let us ignore TLSv1.2 as a downgrade option. And focus on TLSv1.3 for its entirety of this thread. If the ciphersuite (not cipher for that's a TLSv1.2 term), but a