<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p><tt>Dear list,</tt></p>
<p><tt>to update our recommendations for openssh I collected the
supported and default settings for Ciphers, MACs and
KexAlgorithms of various openssh versions. Mostly from
manpages.(debian.org|ubuntu.com) and a few systems accessible to
me.</tt></p>
<p><tt>As far as possible and reasonable I rearranged the algorithm
names in the defaults tables, without changing the order by
inserting empty fields. This was not possible everywhere, so
there are columns with different algos, but otherwise the table
would be very wide.<br>
</tt></p>
<p><tt>If you have access to manpages from versions <i>other than
these</i> then please send me the sections Ciphers, MACs and
KexAlgorithms so I can add them to the summarizing tables. These
versions are covered currently:<br>
* 5.9 precise 12.04<br>
* 6.6 trusty 14.04<br>
* 6.7 jessie 8<br>
* 7.2 xenial 16.04<br>
* 7.4 centos 7.5<br>
* 7.4 stretch 9<br>
* 7.5 artful 17.10<br>
* 7.6 bionic 18.04<br>
* 7.7 cosmic 18.10<br>
* 7.8 tumbleweed<br>
* 7.9 debian unstable</tt></p>
<p><tt>I hope using the tables we can easier and better decide which
setting to use for which versions - and if we want to change the
defaults at all.<br>
</tt></p>
<p><tt>For example hmac-ripemd160 is not supported in newer versions
anymore, but it is part of our recommendations.</tt></p>
<p><tt></tt>Sebastian<br>
</p>
</body>
</html>