components/openssh/patches/045-remove_unacceptable_algs.patch
author John Beck <John.Beck@Oracle.COM>
Thu, 13 Oct 2016 08:06:14 -0700
changeset 7109 f298ea535620
parent 6930 31ef2580c45d
child 7649 69d7508f0d66
permissions -rw-r--r--
24844018 fix for 24826424 needs tweaking

#
# In order for OpenSSH to comply with Oracle Software Security Assurance
# Standards (OSSA), completely remove support for the unacceptable arcfour*
# ciphers and hmac-md5 Message Authentication Codes (MACs). In addition,
# disable the deprecated 3des-cbc by default on the client (it is already
# disabled on the server).
#
# Update Aug 29, 2016:
# Disabling arcfour used to be implemented by Solaris specific macro
# WITHOUT_ARCFOUR, but now upstream OPENSSL_NO_RC4 is used instead.
#
# Patch source: in-house
#
diff -pur old/mac.c new/mac.c
--- old/mac.c
+++ new/mac.c
@@ -87,8 +87,10 @@ static const struct macalg macs[] = {
 	{ "hmac-sha2-256",			SSH_DIGEST, SSH_DIGEST_SHA256, 0, 0, 0, 0 },
 	{ "hmac-sha2-512",			SSH_DIGEST, SSH_DIGEST_SHA512, 0, 0, 0, 0 },
 #endif
+#ifndef WITHOUT_HMAC_MD5
 	{ "hmac-md5",				SSH_DIGEST, SSH_DIGEST_MD5, 0, 0, 0, 0 },
 	{ "hmac-md5-96",			SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 0 },
+#endif
 	{ "hmac-ripemd160",			SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 0 },
 	{ "[email protected]",		SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 0 },
 	{ "[email protected]",		SSH_UMAC, 0, 0, 128, 64, 0 },
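Review bot: The `#ifndef WITHOUT_HMAC_MD5` guard added around the hmac-md5 entries of `macs[]` here, and around the MD5 -etm entries in the second mac.c hunk, removes them only when the build defines that macro, and nothing visible in this patch defines it. The patch header promises complete removal and the man-page hunks stop listing these MACs, so a build without the flag would ship a binary that still negotiates hmac-md5 while the documentation says it cannot. A comment at the first guard such as `/* OSSA: WITHOUT_HMAC_MD5 must be set in the component build flags, otherwise the hmac-md5* MACs remain negotiable */` would record the dependency, and the packaged binary can be checked with `ssh -Q mac`. The `macs[]` initializer starts and ends outside both hunks.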
@@ -101,8 +103,10 @@ static const struct macalg macs[] = {
 	{ "[email protected]",	SSH_DIGEST, SSH_DIGEST_SHA256, 0, 0, 0, 1 },
 	{ "[email protected]",	SSH_DIGEST, SSH_DIGEST_SHA512, 0, 0, 0, 1 },
 #endif
+#ifndef WITHOUT_HMAC_MD5
 	{ "[email protected]",		SSH_DIGEST, SSH_DIGEST_MD5, 0, 0, 0, 1 },
 	{ "[email protected]",	SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 1 },
+#endif
 	{ "[email protected]",	SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 1 },
 	{ "[email protected]",		SSH_UMAC, 0, 0, 128, 64, 1 },
 	{ "[email protected]",		SSH_UMAC128, 0, 0, 128, 128, 1 },
diff -pur old/myproposal.h new/myproposal.h
--- old/myproposal.h
+++ new/myproposal.h
@@ -140,14 +140,14 @@
 	AESGCM_CIPHER_MODES
 
 #define KEX_CLIENT_ENCRYPT_DFLT KEX_SERVER_ENCRYPT_DFLT "," \
-	"aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc"
+	"aes128-cbc,aes192-cbc,aes256-cbc"
 
 #define KEX_SERVER_ENCRYPT_FIPS \
 	"aes128-ctr,aes192-ctr,aes256-ctr" \
 	AESGCM_CIPHER_MODES
 
 #define KEX_CLIENT_ENCRYPT_FIPS KEX_SERVER_ENCRYPT_FIPS "," \
-	"aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc"
+	"aes128-cbc,aes192-cbc,aes256-cbc"
 
 #define KEX_SERVER_MAC_DFLT \
 	"[email protected]," \
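Review bot: Removing `3des-cbc` from `KEX_CLIENT_ENCRYPT_DFLT` and `KEX_CLIENT_ENCRYPT_FIPS` changes only what the client proposes by default, and the code carries no note that the omission is deliberate. The cipher presumably stays compiled in and selectable through an explicit `Ciphers` setting, which matches the header's "disable by default" wording. A comment above the two defines, for example `/* OSSA: 3des-cbc intentionally left out of the client defaults; do not restore when rebasing on upstream */`, would keep a later resync from reintroducing it silently. The ssh_config.5 hunk updates the default list only, and the FIPS-140 list that follows it lies outside the visible hunk, so it is worth confirming that list agrees with the new `KEX_CLIENT_ENCRYPT_FIPS`.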
diff -pur old/ssh_config.5 new/ssh_config.5
--- old/ssh_config.5
+++ new/ssh_config.5
@@ -470,12 +470,6 @@ [email protected]
 .It
 [email protected]
 .It
-arcfour
-.It
-arcfour128
-.It
-arcfour256
-.It
 blowfish-cbc
 .It
 [email protected]
@@ -486,7 +480,7 @@ The default is:
 [email protected],
 aes128-ctr,aes192-ctr,aes256-ctr,
 [email protected],[email protected],
-aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
+aes128-cbc,aes192-cbc,aes256-cbc
 .Ed
 .Pp
 The following ciphers are FIPS-140 approved and are supported in FIPS-140 mode:
diff -pur old/sshd.8 new/sshd.8
--- old/sshd.8
+++ new/sshd.8
@@ -310,12 +310,12 @@ For protocol 2,
 forward security is provided through a Diffie-Hellman key agreement.
 This key agreement results in a shared session key.
 The rest of the session is encrypted using a symmetric cipher, currently
-128-bit AES, Blowfish, 3DES, Arcfour, 192-bit AES, or 256-bit AES.
+128-bit AES, Blowfish, 3DES, 192-bit AES, or 256-bit AES.
 The client selects the encryption algorithm
 to use from those offered by the server.
 Additionally, session integrity is provided
 through a cryptographic message authentication code
-(hmac-md5, hmac-sha1, umac-64, umac-128, hmac-ripemd160,
+(hmac-sha1, umac-64, umac-128, hmac-ripemd160,
 hmac-sha2-256 or hmac-sha2-512).
 .Pp
 Finally, the server and the client enter an authentication dialog.
diff -pur old/sshd_config.5 new/sshd_config.5
--- old/sshd_config.5
+++ new/sshd_config.5
@@ -471,12 +471,6 @@ [email protected]
 .It
 [email protected]
 .It
-arcfour
-.It
-arcfour128
-.It
-arcfour256
-.It
 blowfish-cbc
 .It
 [email protected]
@@ -1009,10 +1003,6 @@ The supported MACs are:
 .Pp
 .Bl -item -compact -offset indent
 .It
-hmac-md5
-.It
-hmac-md5-96
-.It
 hmac-ripemd160
 .It
 hmac-sha1
@@ -1027,10 +1017,6 @@ [email protected]
 .It
 [email protected]
 .It
[email protected]
-.It
[email protected]
-.It
 [email protected]
 .It
 [email protected]