[ssh] Implement the "Ciphers" SSH config

Upstream will remove the CBC algorithms aes128-cbc, aes192-cbc, and
aes256-cbc from the server's KEX proposal in the next release. Removal
of these algorithms by default in the client is planned for the release
after that. These CBC algorithms were found vulnerable back in 2008,[1]
and OpenSSH does not propose them: server-side since 2014, client-side
since 2017.

It is _highly_ unlikely that the removal of these algorithms by default
would affect any JGit user. Nevertheless, let's give users a way to
explicitly specify ciphers (including enabling deprecated algorithms)
via their ~/.ssh/config file.

[1] https://www.kb.cert.org/vuls/id/958563

Change-Id: I7444861df3a7f526277fef2485773a20ac74ae8a
Signed-off-by: Thomas Wolf <twolf@apache.org>

1 files changed, 1 insertions, 0 deletions

diff --git a/org.eclipse.jgit.ssh.apache/META-INF/MANIFEST.MF b/org.eclipse.jgit.ssh.apache/META-INF/MANIFEST.MF
index 74e8c0488b..50a77bdbce 100644
--- a/org.eclipse.jgit.ssh.apache/META-INF/MANIFEST.MF
+++ b/org.eclipse.jgit.ssh.apache/META-INF/MANIFEST.MF
@@ -53,6 +53,7 @@ Import-Package: net.i2p.crypto.eddsa;version="[0.3.0,0.4.0)",
  org.apache.sshd.common;version="[2.12.0,2.13.0)",
  org.apache.sshd.common.auth;version="[2.12.0,2.13.0)",
  org.apache.sshd.common.channel;version="[2.12.0,2.13.0)",
+ org.apache.sshd.common.cipher;version="[2.12.0,2.13.0)",
  org.apache.sshd.common.compression;version="[2.12.0,2.13.0)",
  org.apache.sshd.common.config.keys;version="[2.12.0,2.13.0)",
  org.apache.sshd.common.config.keys.loader;version="[2.12.0,2.13.0)",