nixos/sshd: Remove algorithms that do MAC-then-encrypt

Algorithms with the -etm suffix calculate the MAC after encryption, which is generally considered safer.
NixOS · May 11, 2023 · 537d611 · 537d611
1 parent a9611f3
commit 537d611
Showing 1 changed file with 0 additions and 3 deletions.
diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix
@@ -365,9 +365,6 @@ in
                 "hmac-sha2-512-etm@openssh.com"
                 "hmac-sha2-256-etm@openssh.com"
                 "umac-128-etm@openssh.com"
-                "hmac-sha2-512"
-                "hmac-sha2-256"
-                "umac-128@openssh.com"
               ];
               description = lib.mdDoc ''
                 Allowed MACs