File 1721-ssh-disable-CBC-ciphers-by-default.patch of Package erlang
From 2a37168b312f4f1ef0e60087d4ea7070508ec57a Mon Sep 17 00:00:00 2001
From: Jakub Witczak <kuba@erlang.org>
Date: Thu, 9 Jan 2025 11:07:06 +0100
Subject: [PATCH 1/2] ssh: disable CBC ciphers by default
---
lib/ssh/src/ssh_transport.erl | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl
index 717652c8d1..fe6a01d58a 100644
--- a/lib/ssh/src/ssh_transport.erl
+++ b/lib/ssh/src/ssh_transport.erl
@@ -179,7 +179,11 @@ default_algorithms1(kex) ->
default_algorithms1(cipher) ->
supported_algorithms(cipher, same(['AEAD_AES_128_GCM',
- 'AEAD_AES_256_GCM'
+ 'AEAD_AES_256_GCM',
+ 'aes256-cbc',
+ 'aes192-cbc',
+ 'aes128-cbc',
+ '3des-cbc'
]));
default_algorithms1(mac) ->
supported_algorithms(mac, same(['AEAD_AES_128_GCM',
--
2.43.0
