10 # |
10 # |
11 # Interoperability gain provided by cast128-cbc is negligible, because all |
11 # Interoperability gain provided by cast128-cbc is negligible, because all |
12 # relevant ssh implementations also provide several more common encryption |
12 # relevant ssh implementations also provide several more common encryption |
13 # algorithms (aes256-ctr, aes128-cbc, ...) on top of cast128-cbc. |
13 # algorithms (aes256-ctr, aes128-cbc, ...) on top of cast128-cbc. |
14 # |
14 # |
|
15 # Update Aug 29, 2016: |
|
16 # This used to be implemented by Solaris specific macro WITHOUT_CAST, |
|
17 # but now upstream OPENSSL_NO_CAST is used instead. This patch now just |
|
18 # removes cast references from manpages. |
|
19 # |
15 # This is a Solaris specific patch and it is not likely to be accepted upstream. |
20 # This is a Solaris specific patch and it is not likely to be accepted upstream. |
16 # |
21 # |
17 diff -pur old/cipher.c new/cipher.c |
22 --- orig/ssh_config.5 Mon Aug 15 17:22:20 2016 |
18 --- old/cipher.c |
23 +++ new/ssh_config.5 Mon Aug 15 17:25:28 2016 |
19 +++ new/cipher.c |
24 @@ -478,8 +478,6 @@ |
20 @@ -88,8 +88,10 @@ static const struct sshcipher ciphers[] |
|
21 { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc }, |
|
22 { "blowfish-cbc", |
|
23 SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_bf_cbc }, |
|
24 +#ifndef WITHOUT_CAST128 |
|
25 { "cast128-cbc", |
|
26 SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_cast5_cbc }, |
|
27 +#endif |
|
28 { "arcfour", SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 0, EVP_rc4 }, |
|
29 { "arcfour128", SSH_CIPHER_SSH2, 8, 16, 0, 0, 1536, 0, EVP_rc4 }, |
|
30 { "arcfour256", SSH_CIPHER_SSH2, 8, 32, 0, 0, 1536, 0, EVP_rc4 }, |
|
31 diff -pur old/ssh_config.5 new/ssh_config.5 |
|
32 --- old/ssh_config.5 |
|
33 +++ new/ssh_config.5 |
|
34 @@ -478,8 +478,6 @@ arcfour256 |
|
35 .It |
25 .It |
36 blowfish-cbc |
26 blowfish-cbc |
37 .It |
27 .It |
38 -cast128-cbc |
28 -cast128-cbc |
39 -.It |
29 -.It |
40 [email protected] |
30 [email protected] |
41 .El |
31 .El |
42 .Pp |
32 .Pp |
43 diff -pur old/sshd.8 new/sshd.8 |
33 --- orig/sshd_config.5 Mon Aug 15 17:22:29 2016 |
44 --- old/sshd.8 |
34 +++ new/sshd_config.5 Mon Aug 15 17:25:58 2016 |
45 +++ new/sshd.8 |
35 @@ -479,8 +479,6 @@ |
46 @@ -307,7 +307,7 @@ For protocol 2, |
36 .It |
|
37 blowfish-cbc |
|
38 .It |
|
39 -cast128-cbc |
|
40 -.It |
|
41 [email protected] |
|
42 .El |
|
43 .Pp |
|
44 --- orig/sshd.8 Mon Aug 15 17:22:36 2016 |
|
45 +++ new/sshd.8 Mon Aug 15 17:26:48 2016 |
|
46 @@ -307,7 +307,7 @@ |
47 forward security is provided through a Diffie-Hellman key agreement. |
47 forward security is provided through a Diffie-Hellman key agreement. |
48 This key agreement results in a shared session key. |
48 This key agreement results in a shared session key. |
49 The rest of the session is encrypted using a symmetric cipher, currently |
49 The rest of the session is encrypted using a symmetric cipher, currently |
50 -128-bit AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES. |
50 -128-bit AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES. |
51 +128-bit AES, Blowfish, 3DES, Arcfour, 192-bit AES, or 256-bit AES. |
51 +128-bit AES, Blowfish, 3DES, Arcfour, 192-bit AES, or 256-bit AES. |
52 The client selects the encryption algorithm |
52 The client selects the encryption algorithm |
53 to use from those offered by the server. |
53 to use from those offered by the server. |
54 Additionally, session integrity is provided |
54 Additionally, session integrity is provided |
55 diff -pur old/sshd_config.5 new/sshd_config.5 |
|
56 --- old/sshd_config.5 |
|
57 +++ new/sshd_config.5 |
|
58 @@ -472,8 +472,6 @@ arcfour256 |
|
59 .It |
|
60 blowfish-cbc |
|
61 .It |
|
62 -cast128-cbc |
|
63 -.It |
|
64 [email protected] |
|
65 .El |
|
66 .Pp |
|