-
|
Hi Nicola, I am running this SFTP server and trying to connect from a legacy client. The legacy client is attempting to use aes256-cbc cipher when connecting , which is now not active by default. On the host where I have docker running I have that specific cipher enabled in /etc/ssh/ssh_config but this does not seem to be working in the docker container itself. Are there currently any ways to enable additional ciphers to the docker container? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
Hi, you can customize the ciphers. An empty list enables the default ciphers:
you can also set Please note that CBC mode is insecure and so is not included in the default config (see https://www.ieee-security.org/TC/SP2013/papers/4977a526.pdf), you should expect that an active attacker can recover plaintext if you use it |
Beta Was this translation helpful? Give feedback.
-
|
Thank you for your response! I have let the folks know this is a security risk but it seems to be a risk we are willing to take. |
Beta Was this translation helpful? Give feedback.
Hi,
you can customize the ciphers. An empty list enables the default ciphers:
you can also set
aes128-cbc,3des-cbcand arc four based ciphers.Please note that CBC mode is insecure and so is not included in the default config (see https://www.ieee-security.org/TC/SP2013/papers/4977a526.pdf), you should expect that an active attacker can recover plaintext if you use it