On Fri, Oct 24, 2014 at 7:52 PM, Michael Richardson <m...@sandelman.ca> wrote: > > The reason why it hurts me is that I have servers configured according > > to bettercrypto.org and I can't connect from cero (rare occasions, but > > 1) MD5 != HMAC-MD5. That I didn't know, thanks Michael. For some reason bettercrypto.org people make sure not to use hmac-md5 by suggesting the following: MACs hmac-sha2-512-...@openssh.com,hmac-sha2-256-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160
I believe I'd be able to connect to if SHA256 or SHA512 was enabled here: https://github.com/dtaht/cerowrt-3.10/blob/master/package/network/services/dropbear/patches/120-openwrt_options.patch > 2) SSHv2 is not SSL, and POODLE would be impossible against SSHv2 (or IPsec > for that matter). That, I'm aware of, yes. Best regards, Maciej _______________________________________________ Cerowrt-devel mailing list Cerowrt-devel@lists.bufferbloat.net https://lists.bufferbloat.net/listinfo/cerowrt-devel
