Commit 537d611a authored by Martin Weinelt's avatar Martin Weinelt Committed by Matthieu Coudron
Browse files

nixos/sshd: Remove algorithms that do MAC-then-encrypt 

Algorithms with the -etm suffix calculate the MAC after encryption,
which is generally considered safer.
parent a9611f34

nixos/modules/services/networking/ssh/sshd.nix

+0 −3
Original line number Diff line number Diff line
@@ -365,9 +365,6 @@ in 
                "hmac-sha2-512-etm@openssh.com"

                "hmac-sha2-256-etm@openssh.com"

                "umac-128-etm@openssh.com"

                "hmac-sha2-512"

                "hmac-sha2-256"

                "umac-128@openssh.com"

              ];

              description = lib.mdDoc ''

                Allowed MACs