x/crypto/ssh: library deprecates ciphers over-eagerly #12131
Labels
Milestone
Comments
mikioh
changed the title
|
/cc @agl |
|
This is a conscious choice. Note that starting with version 7, OpenSSH is also leaving out deprecated ciphers by default. Adding hmac-md5 should be fairly trivial to add to a local copy of go.crypto. |
|
If there's a significant population of devices that need this then it could probably be added, but disabled by default. But I think that this is the first time that hmac-md5 has been requested so a local solution is appropriate for now. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
From https://github.com/golang/crypto/blob/master/ssh/common.go#L52
Unfortunately this is wishful thinking. ssh servers should not use old ciphers,
but sometimes they do, and we still need to manage them. Sometimes we
have no control over the server implementation -- in this instance it's
Mikrotik routers. Deprecated ciphers are still useful in this circumstance
even though in an ideal world this would not be the case.
I'd work on making a patch, but as this appears to be a conscious choice
I want to check here first to make sure I'm not wasting my time if it would
be rejected out of hand.
The text was updated successfully, but these errors were encountered: