Bug 1375179

Summary: [RFE] RC4 and CBC ciphers shipped with openssh and openssh-server should be removed
Product: Red Hat Enterprise Linux 7 Reporter: Muhammad Azhar Shaikh <mdshaikh>
Component: opensshAssignee: Jakub Jelen <jjelen>
Status: CLOSED ERRATA QA Contact: Hubert Kario <hkario>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.2CC: mgrepl, nmavrogi, szidek, thibaut.pouzet
Target Milestone: rcKeywords: FutureFeature
Target Release: 7.4   
Hardware: All   
OS: Linux   
Fixed In Version: openssh-7.4p1-1.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-08-01 18:42:47 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 1335929, 1377248    

Comment 2 Jakub Jelen 2016-09-14 11:16:01 UTC
Basically the same request is in the bug #1373836 (for RHEL6.9 now). We are aware of this issue and we plan to proceed with removing insecure algorithms in future releases.

Comment 4 Chris Blum 2017-01-01 12:11:20 UTC
While we're at it - can we also remove the arcfour ciphers?
My security scanner (Greenbone) reports:

> Vulnerability Insight
> The ‘arcfour‘ cipher is the Arcfour stream cipher with 128-bit keys. The Arcfour cipher is believed to be
> compatible with the RC4 cipher {[}SCHNEIER{]}. Arcfour (and RC4) has problems with weak keys, and
> should not be used anymore.

Currently this is not yet reflected on the customer portal:

But I don't know where I would let them know... So I came here ;)

Comment 10 errata-xmlrpc 2017-08-01 18:42:47 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.