From af13edf8502b233a4dbdba450157e59a9c6d8a22 Mon Sep 17 00:00:00 2001
From: Jakub Witczak <kuba@erlang.org>
Date: Thu, 9 Jan 2025 11:07:06 +0100
Subject: [PATCH] ssh: disable CBC ciphers by default

---
 lib/ssh/src/ssh_transport.erl | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl
index c0b46b338bed..b836d21bb3db 100644
--- a/lib/ssh/src/ssh_transport.erl
+++ b/lib/ssh/src/ssh_transport.erl
@@ -178,7 +178,11 @@ default_algorithms1(kex) ->
 
 default_algorithms1(cipher) ->
     supported_algorithms(cipher, same(['AEAD_AES_128_GCM',
-				       'AEAD_AES_256_GCM'
+				       'AEAD_AES_256_GCM',
+                                       'aes256-cbc',
+                                       'aes192-cbc',
+                                       'aes128-cbc',
+                                       '3des-cbc'
                                       ]));
 default_algorithms1(mac) ->
     supported_algorithms(mac, same(['AEAD_AES_128_GCM',