upstream commit

Replace list of ciphers and MACs adjacent to -1/-2 flag
 descriptions in ssh(1) with a strong recommendation not to use protocol 1.
 Add a similar warning to the Protocol option descriptions in ssh_config(5)
 and sshd_config(5);

prompted by and ok mmcc@

Upstream-ID: 961f99e5437d50e636feca023978950a232ead5e

3 files changed, 16 insertions, 15 deletions

diff --git a/ssh.1 b/ssh.1
index 5b35b6cc..42f71afa 100644
--- a/ssh.1
+++ b/ssh.1
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.366 2015/11/15 22:26:49 jcs Exp $
-.Dd $Mdocdate: November 15 2015 $
+.\" $OpenBSD: ssh.1,v 1.367 2016/02/16 05:11:04 djm Exp $
+.Dd $Mdocdate: February 16 2016 $
 .Dt SSH 1
 .Os
 .Sh NAME
@@ -795,15 +795,9 @@ or the
 and
 .Fl 2
 options (see above).
-Both protocols support similar authentication methods,
-but protocol 2 is the default since
-it provides additional mechanisms for confidentiality
-(the traffic is encrypted using AES, 3DES, Blowfish, CAST128, or Arcfour)
-and integrity (hmac-md5, hmac-sha1,
-hmac-sha2-256, hmac-sha2-512,
-umac-64, umac-128, hmac-ripemd160).
-Protocol 1 lacks a strong mechanism for ensuring the
-integrity of the connection.
+Protocol 2 is the default.
+Protocol 1 should not be used - it suffers from a number of cryptographic
+weaknesses and is only offered to support legacy devices.
 .Pp
 The methods available for authentication are:
 GSSAPI-based authentication,
diff --git a/ssh_config.5 b/ssh_config.5
index 5b09547d..c8ccfecb 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.224 2016/02/11 02:56:32 djm Exp $
-.Dd $Mdocdate: February 11 2016 $
+.\" $OpenBSD: ssh_config.5,v 1.225 2016/02/16 05:11:04 djm Exp $
+.Dd $Mdocdate: February 16 2016 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -1270,6 +1270,9 @@ will try version 2 and fall back to version 1
 if version 2 is not available.
 The default is
 .Sq 2 .
+Protocol 1 suffers from a number of cryptographic weaknesses and should
+not be used.
+It is only offered to support legacy devices.
 .It Cm ProxyCommand
 Specifies the command to use to connect to the server.
 The command
diff --git a/sshd_config.5 b/sshd_config.5
index fa5cff2f..711a0252 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.217 2016/02/11 02:56:32 djm Exp $
-.Dd $Mdocdate: February 11 2016 $
+.\" $OpenBSD: sshd_config.5,v 1.218 2016/02/16 05:11:04 djm Exp $
+.Dd $Mdocdate: February 16 2016 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -1342,6 +1342,10 @@ and
 Multiple versions must be comma-separated.
 The default is
 .Sq 2 .
+Protocol 1 suffers from a number of cryptographic weaknesses and should
+not be used.
+It is only offered to support legacy devices.
+.Pp
 Note that the order of the protocol list does not indicate preference,
 because the client selects among multiple protocol versions offered
 by the server.