Bug#806962: No supported cipher blowfish breaks systems

To: 806962@bugs.debian.org
Cc: Klaus Ethgen <Klaus@Ethgen.de>
Subject: Bug#806962: No supported cipher blowfish breaks systems
From: Niels Thykier <niels@thykier.net>
Date: Thu, 3 Dec 2015 15:35:54 +0000
Message-id: <[🔎] 5660615A.3090601@thykier.net>
Reply-to: Niels Thykier <niels@thykier.net>, 806962@bugs.debian.org
In-reply-to: <[🔎] 20151203151414.GA15270@ikki.ethgen.ch>
References: <[🔎] 20151203151414.GA15270@ikki.ethgen.ch> <[🔎] 20151203151414.GA15270@ikki.ethgen.ch>

On Thu, 3 Dec 2015 16:14:16 +0100 Klaus Ethgen <Klaus@Ethgen.de> wrote:
> Source: openssh
> Version: 1:7.1p1-1
> Severity: important
> 
> The new version comes without blowfish cipher. That breaks access to
> systems that only allows blowfish cipher. This is a major concern as
> afterwards it is not possible anymore to get back access to such
> systems.
> 
> Please at least display a big warning when updating the package that
> admins are able to postpone the update. Currently that change is not
> even seen in changelog.
> 
> [...]

Hi,

For reference, I have added a note to the Debian Release Notes for
Stretch about OpenSSH dropping ciphers and protocols by default.

It will be available on-line in a couple of hours at:
  *
https://www.debian.org/releases/stretch/amd64/release-notes/ch-information.en.html

Reviews welcome.

Thanks,
~Niels

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to:

References:
- Bug#806962: No supported cipher blowfish breaks systems
  - From: Klaus Ethgen <Klaus@Ethgen.de>

Prev by Date: Bug#806962: No supported cipher blowfish breaks systems
Next by Date: Bug#806962: No supported cipher blowfish breaks systems
Previous by thread: Bug#806962: No supported cipher blowfish breaks systems
Next by thread: Bug#806962: marked as done (No supported cipher blowfish breaks systems)
Index(es):
- Date
- Thread