• @Synthead@lemmy.world
    link
    fedilink
    English
    6711 months ago

    ChaCha20-Poly1305 and CBC with Encrypt-then-MAC ciphers are vulnerable to a MITM attack.

    Saved you a click.

      • @thisisawayoflife@lemmy.world
        link
        fedilink
        4
        edit-2
        11 months ago

        Just checked my own sshd configs and I don’t use CBC in them. I’ve based the kex/cipher/Mac configs off of cipherlist.eu and the mozilla docs current standards. Guess it pays to never use default configs for sshd if it’s ever exposed to the Internet.

        Edit: I read it wrong. It’s chacha20 OR CBC. I rely heavily on the former with none of the latter.