]> git.ipfire.org Git - thirdparty/strongswan.git/commitdiff
projects / thirdparty / strongswan.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 67fd36e)
testing: Use AES-GCM for SSH connections
authorTobias Brunner <tobias@strongswan.org>
Tue, 18 Sep 2018 14:49:49 +0000 (16:49 +0200)
committerTobias Brunner <tobias@strongswan.org>
Tue, 30 Oct 2018 14:06:57 +0000 (15:06 +0100)
RC4, which was previously used for performance reasons, is not supported
anymore with newer versions of SSH (stretch still supports it, but it
requires explicit configuration on the guests when they act as clients
too - the version in Ubuntu 18.04 apparently doesn't support it anymore
at all).

AES-GCM should actually be faster (at least for larger amounts of data and
in particular with hardware acceleration).

testing/hosts/default/etc/ssh/sshd_config patch | blob | blame | history

diff --git a/testing/hosts/default/etc/ssh/sshd_config b/testing/hosts/default/etc/ssh/sshd_config
index 46b1f02314948c27eb0e507063fcca2424e3732c..23fed4ed033b0847ee624f59f8e2f885e3b489e5 100644 (file)
--- a/testing/hosts/default/etc/ssh/sshd_config
+++ b/testing/hosts/default/etc/ssh/sshd_config
@@ -1,5 +1,6 @@
 Port 22
 Protocol 2
+Ciphers aes128-gcm@openssh.com
 HostKey /etc/ssh/ssh_host_rsa_key
 HostKey /etc/ssh/ssh_host_dsa_key
 HostKey /etc/ssh/ssh_host_ecdsa_key
Unnamed repository; edit this file 'description' to name the repository.