author: djm@openbsd.org <djm@openbsd.org> 2016-02-16 05:11:04 +0000
committer: Damien Miller <djm@mindrot.org> 2016-02-17 16:37:55 +1100
commit: e7901efa9b24e5b0c7e74f2c5520d47eead4d005
tree: ac10b758c067835867d74129e9e067956b9b631a /ssh.1
parent: 5a0fcb77287342e2fc2ba1cee79b6af108973dc2
upstream commit

Replace list of ciphers and MACs adjacent to -1/-2 flag descriptions in ssh(1) with a strong recommendation not to use protocol 1. Add a similar warning to the Protocol option descriptions in ssh_config(5) and sshd_config(5); prompted by and ok mmcc@

Upstream-ID: 961f99e5437d50e636feca023978950a232ead5e
Diffstat (limited to 'ssh.1')
-rw-r--r-- ssh.1 16
1 files changed, 5 insertions, 11 deletions
diff --git a/ssh.1 b/ssh.1
index 5b35b6cc..42f71afa 100644
--- a/ssh.1
+++ b/ssh.1
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.366 2015/11/15 22:26:49 jcs Exp $
-.Dd $Mdocdate: November 15 2015 $
+.\" $OpenBSD: ssh.1,v 1.367 2016/02/16 05:11:04 djm Exp $
+.Dd $Mdocdate: February 16 2016 $
.Dt SSH 1
.Os
.Sh NAME
@@ -795,15 +795,9 @@ or the
and
.Fl 2
options (see above).
-Both protocols support similar authentication methods,
-but protocol 2 is the default since
-it provides additional mechanisms for confidentiality
-(the traffic is encrypted using AES, 3DES, Blowfish, CAST128, or Arcfour)
-and integrity (hmac-md5, hmac-sha1,
-hmac-sha2-256, hmac-sha2-512,
-umac-64, umac-128, hmac-ripemd160).
-Protocol 1 lacks a strong mechanism for ensuring the
-integrity of the connection.
+Protocol 2 is the default.
+Protocol 1 should not be used - it suffers from a number of cryptographic
+weaknesses and is only offered to support legacy devices.
.Pp
The methods available for authentication are:
GSSAPI-based authentication,
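Review bot: The added "Protocol 1 should not be used" sentence replaces the one concrete statement the removed text made ("Protocol 1 lacks a strong mechanism for ensuring the integrity of the connection") with the unspecific "a number of cryptographic weaknesses". Consider keeping the integrity point as the named example, so that a reader weighing -1 for a legacy device can see what is actually at risk. With the cipher and MAC list gone from this paragraph, a cross-reference to the Ciphers and MACs options in ssh_config(5) would tell readers where the protocol 2 algorithms are documented. Style: the bare " - " in the added line renders as a plain hyphen in the formatted page; splitting it into two sentences ("Protocol 1 should not be used. It suffers from ...") avoids that.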