On 2015-06-15, Gerhard Wiesinger <lists@xxxxxxxxxxxxx> wrote:

> I saw that OpenSSH release 6.7 removed all CBC ciphers by default. Is
> CBC therefore considered as broken and unsecure (in general or SSH
> implementation)?

CBC modes in SSH use the last encrypted block of the previous packet
as the IV for the next packet. The protocol is specified this way.

> I also read a lot of references (see below) but still not clear to me
> what's the actual "security status" of CBC and why it has been removed
> in general.

These are pertinent:

> http://www.kb.cert.org/vuls/id/958563
http://www.openssh.com/txt/cbc.adv

--
Christian "naddy" Weisgerber naddy@xxxxxxxxxxxx
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
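The IV chaining described in the reply above, as an added example that is not part of the original message and is not OpenSSH code: Go's standard `crypto/aes` and `crypto/cipher` stand in for the SSH transport, and it shows that the second packet's IV is a value already visible on the wire. The helper names `encryptChained` and `nextIV`, and the key, IV and packet bytes, are hypothetical and constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// Constructed sample values, not taken from any real SSH session.
var (
	sampleKey = []byte("0123456789abcdef") // AES-128 key
	initialIV = []byte("fedcba9876543210") // IV for the first packet only
	packet1   = bytes.Repeat([]byte{0x01}, 32)
	packet2   = bytes.Repeat([]byte{0x02}, 48)
)

// encryptChained keeps one CBC state across all packets, so each packet's
// IV is the last ciphertext block of the packet before it.
func encryptChained(key, iv []byte, packets [][]byte) ([][]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	enc := cipher.NewCBCEncrypter(block, iv)
	out := make([][]byte, len(packets))
	for i, p := range packets {
		if len(p) == 0 || len(p)%aes.BlockSize != 0 {
			return nil, fmt.Errorf("packet %d: bad length %d", i, len(p))
		}
		out[i] = make([]byte, len(p))
		enc.CryptBlocks(out[i], p)
	}
	return out, nil
}

// nextIV returns the IV the following packet will use: the final block of
// ciphertext that has already been sent.
func nextIV(ct []byte) []byte { return ct[len(ct)-aes.BlockSize:] }

func main() {
	cts, err := encryptChained(sampleKey, initialIV, [][]byte{packet1, packet2})
	if err != nil {
		panic(err)
	}
	// Encrypting packet2 on its own under nextIV(cts[0]) gives the same bytes.
	alone, err := encryptChained(sampleKey, nextIV(cts[0]), [][]byte{packet2})
	fmt.Println("chained:", err == nil && bytes.Equal(alone[0], cts[1]))
}
```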