ComplianceAsCode / content

Security automation content in SCAP, Bash, Ansible, and other formats
https://complianceascode.readthedocs.io/en/latest/

Should aes192-cbc be removed from ssh ciphers? #4468

Closed shawndwells closed 5 years ago

shawndwells commented 5 years ago

Was not mentioned in the OSPP kickstart.

Might need to check with sgrubb.

shawndwells commented 5 years ago

ref is guide/services/ssh/ssh_server/sshd_use_approved_ciphers/rule.yml

yuumasato commented 5 years ago

> ref is guide/services/ssh/ssh_server/sshd_use_approved_ciphers/rule.yml

The referenced rule is based on FIPS.

Per analysis by @stevegrubb, OSPP is stricter on allowed ciphers.

This should be covered by #4663, which configures Ciphers as the intersection between FIPS and OSPP Ciphers.
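
Added example, not part of the thread and not the project's own check: a Python sketch of auditing an sshd_config `Ciphers` line against the intersection of two policy lists. The two lists, the function names and the sample config are constructed assumptions; they are not the lists in rule.yml or #4663.

```python
import re

# Constructed policy lists (assumptions for illustration only; not taken
# from the rule file or from #4663).
FIPS_CIPHERS = ["aes128-ctr", "aes192-ctr", "aes256-ctr",
                "aes128-cbc", "aes192-cbc", "aes256-cbc"]
OSPP_CIPHERS = ["aes128-ctr", "aes256-ctr", "aes128-cbc", "aes256-cbc"]

def allowed_ciphers(fips=FIPS_CIPHERS, ospp=OSPP_CIPHERS):
    """Intersection of the two policies, in the order of the first list."""
    ospp_set = set(ospp)
    return [c for c in fips if c in ospp_set]

def configured_ciphers(config_text):
    """Return the value of the first global Ciphers line, or None.

    sshd keeps the first value it reads for a keyword, keywords are
    case-insensitive, and Ciphers is a global option, so scanning stops
    at the first Match block."""
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[ \t=]+", line, maxsplit=1)
        keyword = parts[0].lower()
        if keyword == "match":
            break
        if keyword == "ciphers" and len(parts) == 2 and parts[1]:
            return parts[1].strip().strip('"')
    return None

def check_ciphers(config_text, allowed=None):
    """Return (status, offending) for an sshd_config given as text."""
    allowed = set(allowed_ciphers() if allowed is None else allowed)
    value = configured_ciphers(config_text)
    if value is None:
        return ("unset", [])      # sshd falls back to its built-in defaults
    if value.startswith(("+", "-", "^")):
        return ("relative", [])   # edits the default list; not judged here
    names = [c.strip() for c in value.split(",")]
    offending = [c for c in names if c not in allowed]
    return ("violation", offending) if offending else ("ok", [])

# Constructed sample input: the first Ciphers line wins, the second is ignored.
SAMPLE = """# sshd_config excerpt
Port 22
ciphers aes128-ctr,aes192-cbc,aes256-ctr
Ciphers aes256-ctr
"""
```

A status of "unset" or "relative" means the effective list depends on the installed OpenSSH defaults, so those cases need `sshd -T` output rather than a file check.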