[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#806962: No supported cipher blowfish breaks systems

On Thu, 3 Dec 2015 16:14:16 +0100 Klaus Ethgen <Klaus@Ethgen.de> wrote:
> Source: openssh
> Version: 1:7.1p1-1
> Severity: important
> The new version comes without blowfish cipher. That breaks access to
> systems that only allows blowfish cipher. This is a major concern as
> afterwards it is not possible anymore to get back access to such
> systems.
> Please at least display a big warning when updating the package that
> admins are able to postpone the update. Currently that change is not
> even seen in changelog.
> [...]


For reference, I have added a note to the Debian Release Notes for
Stretch about OpenSSH dropping ciphers and protocols by default.

It will be available on-line in a couple of hours at:

Reviews welcome.


Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: