OpenSSH 7.5 Released, Legacy Crypto Functions Still Heading For Retirement
OpenSSH 7.5 has been released as the latest update to this widely-used open-source package.
OpenSSH 7.5 has many bug fixes, including some security fixes around a weakness in CBC padding and a sftp-client vulnerability on Cygwin. OpenSSH 7.5 also ships with a number of bug-fixes throughout its code.
More legacy cryptography functions remain planned for retirement in future releases including the dropping of remaining SSH v.1 protocol support, removing support for Blowfish and RC4 ciphers and RIPE-MD160 HMAC, and removing CBC ciphers from the default in the client. A future OpenSSH release will also refuse RSA keys smaller than 1024 bits.
More details on OpenSSH 7.5 via its release announcement.
OpenSSH 7.5 has many bug fixes, including some security fixes around a weakness in CBC padding and a sftp-client vulnerability on Cygwin. OpenSSH 7.5 also ships with a number of bug-fixes throughout its code.
More legacy cryptography functions remain planned for retirement in future releases including the dropping of remaining SSH v.1 protocol support, removing support for Blowfish and RC4 ciphers and RIPE-MD160 HMAC, and removing CBC ciphers from the default in the client. A future OpenSSH release will also refuse RSA keys smaller than 1024 bits.
More details on OpenSSH 7.5 via its release announcement.
2 Comments