Bug#806962: No supported cipher blowfish breaks systems
-----BEGIN PGP SIGNED MESSAGE-----
Am Do den 3. Dez 2015 um 16:23 schrieb Colin Watson:
> On Thu, Dec 03, 2015 at 04:14:16PM +0100, Klaus Ethgen wrote:
> > The new version comes without blowfish cipher.
> Erm, no it doesn't? Upstream issued a future deprecation notice
> indicating that it will be disabled in future
Well, it is, but read on.
> (http://www.openssh.com/txt/release-7.1) but it hasn't been yet. I just
> diffed 1:6.9p1-3 against 1:7.1p1-1 and there are no changes affecting
> blowfish; furthermore, the 7.1 client still advertises blowfish-cbc.
In earlier versions, blowfish cipher was named "blowfish" not
"blowfish-cbc". So many (as mine) configurations have configured "Cipher
blowfish" (Client). That is breaking. In fact, the solution is
"blowfish" -> "blowfish-cbc" but that has to be done before the upgrade.
After upgrade it might be not possible anymore.
Due to the deprecation note, that is a big issue. I never trust AES from
the fact how it was choosen above twofish. With purging support for
blowfish, that would leave not many trusted alternatives anymore.
Klaus Ethgen http://www.ethgen.ch/
pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen <Klaus@Ethgen.ch>
Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----