#

# Removes cast128-cbc support.

#

# At this moment this algorithm is not listed in Approved Security

# Technologies: Standards Details at all. Eventually it will be added as

# deprecated.

#

# SunSSH did not support cast128-cbc. In this respect removing cast128-cbc from

# OpenSSH doesn't constitute a regression in functionality from SunSSH.

#

# Interoperability gain provided by cast128-cbc is negligible, because all

# relevant ssh implementations also provide several more common encryption

# algorithms (aes256-ctr, aes128-cbc, ...) on top of cast128-cbc.

#

# Update Aug 29, 2016:

# This used to be implemented by Solaris specific macro WITHOUT_CAST,

# but now upstream OPENSSL_NO_CAST is used instead. This patch now just

# removes cast references from manpages.

#

# This is a Solaris specific patch and it is not likely to be accepted upstream.

#

--- orig/ssh_config.5	Mon Aug 15 17:22:20 2016

+++ new/ssh_config.5	Mon Aug 15 17:25:28 2016

@@ -478,8 +478,6 @@

 .It

 blowfish-cbc

 .It

-cast128-cbc

-.It

 [email protected]

 .El

 .Pp

--- orig/sshd_config.5	Mon Aug 15 17:22:29 2016

+++ new/sshd_config.5	Mon Aug 15 17:25:58 2016

@@ -479,8 +479,6 @@

 .It

 blowfish-cbc

 .It

-cast128-cbc

-.It

 [email protected]

 .El

 .Pp

--- orig/sshd.8	Mon Aug 15 17:22:36 2016

+++ new/sshd.8	Mon Aug 15 17:26:48 2016

@@ -307,7 +307,7 @@

 forward security is provided through a Diffie-Hellman key agreement.

 This key agreement results in a shared session key.

 The rest of the session is encrypted using a symmetric cipher, currently

-128-bit AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES.

+128-bit AES, Blowfish, 3DES, Arcfour, 192-bit AES, or 256-bit AES.

 The client selects the encryption algorithm

 to use from those offered by the server.

 Additionally, session integrity is provided