jfisherbah
commented
5 days ago This is covered by the use of implicit MAC in FCS_SSH_EXT.1.5
Closed bourdett closed 5 days ago
jfisherbah
commented
5 days ago This is covered by the use of implicit MAC in FCS_SSH_EXT.1.5
Hopefully over time, concerns with RFC 5647 can be resolved.
For example, OpenSSH implements a Cipher of aes128-gcm@openssh.com or aes256-gcm@openssh.com which when selected IGNORES the MAC selected and then uses the wire-protocol for AEAD_AES_128_GCM and AEAD_AES_256_GCM. There is some talk in the ietf-ssh mailing list of fixing the general problem of AEAD ciphers,