Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/crypto/ssh: proposal to remove weak (rc4 based) ciphers arcfour{128,256} from default cipher list #23173

Closed
psanford opened this issue Dec 19, 2017 · 6 comments
Closed

x/crypto/ssh: proposal to remove weak (rc4 based) ciphers arcfour{128,256} from default cipher list #23173

psanford opened this issue Dec 19, 2017 · 6 comments
Labels
FrozenDueToAge
Milestone
Unreleased

Comments

@psanford
Copy link

x/crypto/ssh has "arcfour256", "arcfour128" in its list of default ciphers. These ciphers are now considered weak. I seems like it might be time to disable these by default as the documentation says:

// The allowed cipher algorithms. If unspecified then a sensible
// default is used.
Ciphers []string

These two ciphers are rc4 variants. They do discard the first 1536 bytes of the cipher stream so they are better than plain rc4 but they are still considered weak.

OpenSSH disabled them by default in 7.2 (2016-02-29) and removed them completely in release 7.6 (2017-10-03).

RC4 was disabled by default in crypto/tls in 2015: #10094.

I was dinged in a security audit because these ciphers were enabled. I can obviously remove them from my config, but with the OpenSSH changes it seemed like it might be more appropriate to update the defaults.

If this change is acceptable I'm happy to something for code review.
@gopherbot gopherbot added this to the Unreleased milestone Dec 19, 2017
@odeke-em
Copy link
Member

/cc @agl @FiloSottile @hanwen

@FiloSottile
Copy link
Contributor

Thanks for bringing this up. The OpenSSH changes suggest there is no sizable compatibility loss, so I’m strongly in favor. (Even if I think SSH has strong downgrade protection, so they wouldn’t affect most connections.)

@hanwen
Copy link
Contributor

hanwen commented Dec 19, 2017

OK to remove them from the default list, but they must be available if specified explicitly.

@gopherbot
Copy link

Change https://golang.org/cl/85155 mentions this issue: ssh: remove arcfour{128,256} from default cipher list

@gopherbot
Copy link

Change https://golang.org/cl/86955 mentions this issue: ssh: remove arcfour ciphers from the default preference list

@hanwen
Copy link
Contributor

hanwen commented Jan 22, 2018

fixed in https://go.googlesource.com/crypto/+/1835319e08b3912563a14bbe05e639d7470a30a8

commit 1835319

@hanwen hanwen closed this as completed Jan 22, 2018
@golang golang locked and limited conversation to collaborators Jan 22, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge
Projects
None yet
Milestone
Unreleased
Development

No branches or pull requests
5 participants
@hanwen @psanford @FiloSottile @odeke-em @gopherbot