From mboxrd@z Thu Jan 1 00:00:00 1970 From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) Subject: Re: OpenSSH update Date: Tue, 01 Mar 2016 21:52:04 +0100 Message-ID: <87y4a1or9n.fsf@gnu.org> References: <20160301201408.GA31256@jasmine> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:53815) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aarH9-0001sN-0p for guix-devel@gnu.org; Tue, 01 Mar 2016 15:52:11 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1aarH5-0005Xa-0g for guix-devel@gnu.org; Tue, 01 Mar 2016 15:52:10 -0500 In-Reply-To: <20160301201408.GA31256@jasmine> (Leo Famulari's message of "Tue, 1 Mar 2016 15:14:08 -0500") List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org To: Leo Famulari Cc: guix-devel@gnu.org Leo Famulari skribis: > OpenSSH has released a new version, 7.2p1: > http://www.openssh.com/txt/release-7.2 > > There are some new features and many fixed bugs. > > Here are the incompatible changes, copied from the link above. If there > are no objections I will apply the update. > > Potentially-incompatible changes > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D > > This release disables a number of legacy cryptographic algorithms > by default in ssh: > > * Several ciphers blowfish-cbc, cast128-cbc, all arcfour variants > and the rijndael-cbc aliases for AES. > > * MD5-based and truncated HMAC algorithms. > > These algorithms are already disabled by default in sshd. Sounds reasonable to me. Thanks! Ludo=E2=80=99.