Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

Remove the arcfour and none ciphers from SSH2. #406

Merged
merged 1 commit into from

3 participants

Andreas Fischer terrafrost Scrutinizer Notifier
Andreas Fischer
Owner

Fixes #398

terrafrost
Owner

I would say comment it out - don't remove it all together. That way if it's to be re-added later - perhaps via a setEncryptionAlgorithms() function as proposed at #398 (comment)

Also, while you're at it, comment out none.

Andreas Fischer bantu changed the title from Remove the arcfour cipher from SSH2. to Remove the arcfour and none ciphers from SSH2.
Andreas Fischer
Owner

@terrafrost Done.

terrafrost
Owner

Go for it.

Andreas Fischer bantu merged commit 84ac305 into from
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
This page is out of date. Refresh to see the latest.
Showing with 2 additions and 2 deletions.
  1. +2 −2 phpseclib/Net/SSH2.php
4 phpseclib/Net/SSH2.php
View
@@ -1098,7 +1098,7 @@ function _key_exchange($kexinit_payload_server)
'arcfour256',
'arcfour128',
- 'arcfour', // OPTIONAL the ARCFOUR stream cipher with a 128-bit key
+ //'arcfour', // OPTIONAL the ARCFOUR stream cipher with a 128-bit key
// CTR modes from <http://tools.ietf.org/html/rfc4344#section-4>:
'aes128-ctr', // RECOMMENDED AES (Rijndael) in SDCTR mode, with 128-bit key
@@ -1126,7 +1126,7 @@ function _key_exchange($kexinit_payload_server)
'3des-ctr', // RECOMMENDED Three-key 3DES in SDCTR mode
'3des-cbc', // REQUIRED three-key 3DES in CBC mode
- 'none' // OPTIONAL no encryption; NOT RECOMMENDED
+ //'none' // OPTIONAL no encryption; NOT RECOMMENDED
);
if (phpseclib_resolve_include_path('Crypt/RC4.php') === false) {
Something went wrong with that request. Please try again.