add back GCM cipher

we originally removed GCM from the cipher chain due to vulnerabilities in OpenSSH. We are adding it back, since any sensible implementation will have had enough time to fix or backport. On top of that, GCM is generally a preferred algorithm. Let's get it back now. Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
dev-sec · Jan 12, 2015 · 32f14ac · 32f14ac
1 parent dcfc0a8
commit 32f14ac
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/libraries/get_ssh_ciphers.rb b/libraries/get_ssh_ciphers.rb
@@ -32,7 +32,7 @@ def self.get_ciphers(node, cbc_required)
         ciphers_53['weak'] = ciphers_53['default'] + ',aes256-cbc,aes192-cbc,aes128-cbc'
 
         ciphers_66 = {}
-        ciphers_66.default = 'chacha20-poly1305@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr'
+        ciphers_66.default = 'chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr'
         ciphers_66['weak'] = ciphers_66['default'] + ',aes256-cbc,aes192-cbc,aes128-cbc'
 
         # determine the cipher for the operating system