ssh: disable CBC ciphers by default

erlang · Jan 9, 2025 · af13edf · af13edf
1 parent 0418c10
commit af13edf
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl
@@ -178,7 +178,11 @@ default_algorithms1(kex) ->
 
 default_algorithms1(cipher) ->
     supported_algorithms(cipher, same(['AEAD_AES_128_GCM',
-				       'AEAD_AES_256_GCM'
+				       'AEAD_AES_256_GCM',
+                                       'aes256-cbc',
+                                       'aes192-cbc',
+                                       'aes128-cbc',
+                                       '3des-cbc'
                                       ]));
 default_algorithms1(mac) ->
     supported_algorithms(mac, same(['AEAD_AES_128_GCM',