nixos/sshd: Remove algorithms that do MAC-then-encrypt

Algorithms with the -etm suffix calculate the MAC after encryption, which is generally considered safer.
2023-05-10 23:04:17 +02:00 · 2023-05-10 23:04:17 +02:00 · 537d611a75
parent a9611f3429
commit 537d611a75
1 changed files with 0 additions and 3 deletions
--- a/nixos/modules/services/networking/ssh/sshd.nix
+++ b/nixos/modules/services/networking/ssh/sshd.nix
@ -365,9 +365,6 @@ in
                "hmac-sha2-512-etm@openssh.com"
                "hmac-sha2-256-etm@openssh.com"
                "umac-128-etm@openssh.com"
-                "hmac-sha2-512"
-                "hmac-sha2-256"
-                "umac-128@openssh.com"
              ];
              description = lib.mdDoc ''
                Allowed MACs