This is an automated email from the ASF dual-hosted git repository.
twolf pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mina-sshd.git
commit d45646b08247e1578b367ed8cf2c326ebd22cd52
Author: Thomas Wolf <tw...@apache.org>
AuthorDate: Thu Jun 6 19:47:09 2024 +0200
Mention that CBC is not recommended
---
docs/standards.md | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/docs/standards.md b/docs/standards.md
index 9998f66c1..5d68e41fb 100644
--- a/docs/standards.md
+++ b/docs/standards.md
@@ -80,7 +80,7 @@ supports the extension and then use it, but our server does
not publish it as be
### Ciphers
-* aes128cbc, aes128ctr, aes192cbc, aes192ctr, aes256cbc, aes256ctr,
arcfour128, arcfour256, blowfish-cbc,
+* aes128-cbc, aes128-ctr, aes192-cbc, aes192-ctr, aes256-cbc, aes256-ctr,
arcfour128, arcfour256, blowfish-cbc,
aes128-...@openssh.com, aes256-...@openssh.com, chacha20-poly1...@openssh.com,
3des-cbc
### Digests
@@ -122,6 +122,7 @@ the unsafe settings must do so **explicitly**. The
following settings have been
* [OpenSSH release notes](https://www.openssh.com/releasenotes.html) - usually
a good indicator of de-facto practices
* SHA-1 based key exchanges and signatures
* MD5-based and truncated HMAC algorithms
+* Ciphers using CBC mode.
* [RFC 8270 - Increase the Secure Shell Minimum Recommended Diffie-Hellman
Modulus Size to 2048 Bits](https://tools.ietf.org/html/rfc8270)
**Note:** it still possible to use 1024 by initializing the value
*programmatically* or via system property -
see [Security providers
setup](./security-providers.md#diff-hellman-group-exchange-configuration).
