diff options
| author |   djm <djm@openbsd.org> | 2013-11-21 00:45:43 +0000 |
|---|---|---|
| committer | djm <djm@openbsd.org> | 2013-11-21 00:45:43 +0000 |
| commit | 1edbfe239db2487faa56c5fb5877105e3018932c (patch) | |
| tree | d5cbb0444e798f9ca43091e45c4a31f1498e401f /usr.bin/ssh/ssh_config.5 | |
| parent | remove the #define b_cylinder b_resid from bufs. i hated the (diff) | |
| download | wireguard-openbsd-1edbfe239db2487faa56c5fb5877105e3018932c.tar.xz wireguard-openbsd-1edbfe239db2487faa56c5fb5877105e3018932c.zip | |
Add a new protocol 2 transport cipher "chacha20-poly1305@openssh.com"
that combines Daniel Bernstein's ChaCha20 stream cipher and Poly1305 MAC
to build an authenticated encryption mode.
Inspired by and similar to Adam Langley's proposal for TLS:
http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03
but differs in layout used for the MAC calculation and the use of a
second ChaCha20 instance to separately encrypt packet lengths.
Details are in the PROTOCOL.chacha20poly1305 file.
Feedback markus@, naddy@; manpage bits Loganden Velvindron @ AfriNIC
ok markus@ naddy@
Diffstat (limited to 'usr.bin/ssh/ssh_config.5')
| -rw-r--r-- | usr.bin/ssh/ssh_config.5 | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/usr.bin/ssh/ssh_config.5 b/usr.bin/ssh/ssh_config.5 index 8809568a69d..9dbc76ca90b 100644 --- a/usr.bin/ssh/ssh_config.5 +++ b/usr.bin/ssh/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.179 2013/11/02 22:39:19 markus Exp $ -.Dd $Mdocdate: November 2 2013 $ +.\" $OpenBSD: ssh_config.5,v 1.180 2013/11/21 00:45:44 djm Exp $ +.Dd $Mdocdate: November 21 2013 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -334,7 +334,8 @@ The default is Specifies the ciphers allowed for protocol version 2 in order of preference. Multiple ciphers must be comma-separated. -The supported ciphers are +The supported ciphers are: +.Pp .Dq 3des-cbc , .Dq aes128-cbc , .Dq aes192-cbc , @@ -348,15 +349,24 @@ The supported ciphers are .Dq arcfour256 , .Dq arcfour , .Dq blowfish-cbc , +.Dq cast128-cbc , and -.Dq cast128-cbc . +.Dq chacha20-poly1305@openssh.com . +.Pp The default is: +.Pp .Bd -literal -offset 3n aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128, aes128-gcm@openssh.com,aes256-gcm@openssh.com, +chacha20-poly1305@openssh.com, aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc, aes256-cbc,arcfour .Ed +.Pp +The list of available ciphers may also be obtained using the +.Fl Q +option of +.Xr ssh 1 . .It Cm ClearAllForwardings Specifies that all local, remote, and dynamic port forwardings specified in the configuration files or on the command line be |