diff options
| author | Gusted <williamzijl7@hotmail.com> | 2022-02-10 17:04:16 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-02-10 17:04:16 +0100 |
| commit | 581d29ec1dc7289415d5fd8361aa9a5221ba7ad2 (patch) | |
| tree | 6b39bb0c1ddffe76340e4b26873119e381fa195f /modules | |
| parent | 0c70b4c211a06e94f2a0a906ed205efcc2932d25 (diff) | |
| download | gitea-581d29ec1dc7289415d5fd8361aa9a5221ba7ad2.tar.gz gitea-581d29ec1dc7289415d5fd8361aa9a5221ba7ad2.zip | |
Update SSH Server crypto settings (#18697)
- Use a better and more curated list of Ciphers and KeyExchanges, these roughly follows OpenSSH's default.
- Remove some cryptography values which were deprecated.
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/setting/setting.go | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/modules/setting/setting.go b/modules/setting/setting.go index cdfa1130f2..edbdbfa866 100644 --- a/modules/setting/setting.go +++ b/modules/setting/setting.go @@ -163,9 +163,9 @@ var ( StartBuiltinServer: false, Domain: "", Port: 22, - ServerCiphers: []string{"aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "arcfour256", "arcfour128"}, - ServerKeyExchanges: []string{"diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "curve25519-sha256@libssh.org"}, - ServerMACs: []string{"hmac-sha2-256-etm@openssh.com", "hmac-sha2-256", "hmac-sha1", "hmac-sha1-96"}, + ServerCiphers: []string{"chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"}, + ServerKeyExchanges: []string{"curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "diffie-hellman-group14-sha1"}, + ServerMACs: []string{"hmac-sha2-256-etm@openssh.com", "hmac-sha2-256", "hmac-sha1"}, KeygenPath: "ssh-keygen", MinimumKeySizeCheck: true, MinimumKeySizes: map[string]int{"ed25519": 256, "ed25519-sk": 256, "ecdsa": 256, "ecdsa-sk": 256, "rsa": 2048}, |