On Tue, Jul 06, 2021 at 01:02:49PM -0400, Stefan Monnier wrote:
I think the first reaction should be to report it as a bug, so that the old cipher is re-added. I think the same argument in favor of including the "none" cipher should apply to including old deprecated ciphers.The old ciphers are generally removed for a reason: because they are hugely insecure.If they have buffer overflow-style holes, those should be fixed. Other than that I can't see how they can be less secure than the "none" cipher.
I guess since the "none" cipher isn't supported in debian's ssh you will just drop this questionable line of argument?