octoleo/phpseclib
1
0
Fork 0
mirror of https://github.com/phpseclib/phpseclib.git synced 2025-01-27 09:08:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

Comment out (potentially) insecure ciphers arcfour and none.

Browse Source
This commit is contained in:
Andreas Fischer 2014-07-21 12:16:49 +02:00
parent e0e67a602b
commit 84ac305704
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
phpseclib/Net/SSH2.php
View File

@ -1098,7 +1098,7 @@ class Net_SSH2
'arcfour256', 'arcfour256',
'arcfour128', 'arcfour128',
'arcfour', // OPTIONAL the ARCFOUR stream cipher with a 128-bit key //'arcfour', // OPTIONAL the ARCFOUR stream cipher with a 128-bit key
// CTR modes from <http://tools.ietf.org/html/rfc4344#section-4>: // CTR modes from <http://tools.ietf.org/html/rfc4344#section-4>:
'aes128-ctr', // RECOMMENDED AES (Rijndael) in SDCTR mode, with 128-bit key 'aes128-ctr', // RECOMMENDED AES (Rijndael) in SDCTR mode, with 128-bit key
@ -1126,7 +1126,7 @@ class Net_SSH2
'3des-ctr', // RECOMMENDED Three-key 3DES in SDCTR mode '3des-ctr', // RECOMMENDED Three-key 3DES in SDCTR mode
'3des-cbc', // REQUIRED three-key 3DES in CBC mode '3des-cbc', // REQUIRED three-key 3DES in CBC mode
'none' // OPTIONAL no encryption; NOT RECOMMENDED //'none' // OPTIONAL no encryption; NOT RECOMMENDED
); );
if (phpseclib_resolve_include_path('Crypt/RC4.php') === false) { if (phpseclib_resolve_include_path('Crypt/RC4.php') === false) {