Here are some change log entries confirming my suspicion: openssh (1:7.4p1-1) unstable; urgency=medium
* New upstream release (http://www.openssh.com/txt/release-7.4): - ssh(1): Remove 3des-cbc from the client's default proposal. 64-bit block ciphers are not safe in 2016 and we don't want to wait until attacks like SWEET32 are extended to SSH. As 3des-cbc was the only mandatory cipher in the SSH RFCs, this may cause problems connecting to older devices using the default configuration, but it's highly likely that such devices already need explicit configuration for key exchange and hostkey algorithms already anyway. openssh (1:7.3p1-1) unstable; urgency=medium * New upstream release (http://www.openssh.com/txt/release-7.3): - SECURITY: ssh(1), sshd(8): Fix observable timing weakness in the CBC padding oracle countermeasures. Note that CBC ciphers are disabled by default and only included for legacy compatibility. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1771359 Title: No matching cipher found even if client and server have matching cipher To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1771359/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
