In OpenSSH, is it possible to edit the ssh_config or sshd_config files to enable only TLS 1.2 supporting ciphers and disable TLS 1.1 and below, SSLv3 and below, so that the SSH connection uses only TLS 1.2?

I could achieve something similar with lighttpd by editing the lighttpd.conf file.

Thanks!

hack
  • SSH != TLS. You have a fundamental misunderstanding here. – user207421 Mar 18 '15 at 21:18
  • Thank you, EJP. If I do a `openssl ciphers -v | TLS` I get the list of ciphers supporting TLS 1.2. So I am looking for a way to substitute the generated ciphers in place of the old ciphers. Do correct me if I am wrong or assumed it the opposite way. – hack Mar 18 '15 at 21:41
  • This question appears to be off-topic because it is not about programming or development. See [What topics can I ask about here](http://stackoverflow.com/help/on-topic) in the Help Center. Perhaps [Super User](http://superuser.com/), [Web Apps Stack Exchange](http://webapps.stackexchange.com/) or [Unix & Linux Stack Exchange](http://unix.stackexchange.com/) would be a better place to ask. – jww Mar 18 '15 at 23:54

1 Answer

You can specify the crypto algorithms that you want to use in your client and server configurations by using the `Ciphers`, `KexAlgorithms` and `MACs` settings.

SSH protocol is not based on TLS and as such it does not support a concept of TLS protocol versions. You have to hand-pick the algorithms that you want to use. Also note that because it is a different protocol from TLS, the same vulnerabilities and weaknesses do not apply to it.

Read your OpenSSH version's manual pages for ssh_config and sshd_config to see the list of supported algorithms.

snap
  • Thank you, Snap. https://www.openssl.org/docs/apps/ciphers.html gives me the list of the cipher suites that are TLS 1.2. Now, is it possible to alter the ciphers list through commands like SSL_CTX or through any other way? – hack Mar 18 '15 at 21:42
  • Which part of "SSH protocol is not based on TLS" didn't you understand? – snap Mar 19 '15 at 05:36
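
The answer's point that SSH algorithms are hand-picked through `Ciphers`, `KexAlgorithms` and `MACs`, shown as an added example that is not part of the original answer: a shell function that audits those three directives in an sshd_config against an allowlist. The allowlist contents, the function names and the sample config are assumptions constructed for illustration; check the algorithm names against your OpenSSH version's manual pages.

```shell
#!/bin/sh
# Allowlists are assumptions for this example, not taken from the answer; compare
# them with the output of `ssh -Q cipher`, `ssh -Q kex` and `ssh -Q mac`.
ALLOW_CIPHERS="chacha20-poly1305@openssh.com aes256-gcm@openssh.com aes128-gcm@openssh.com aes256-ctr aes192-ctr aes128-ctr"
ALLOW_KEX="curve25519-sha256 curve25519-sha256@libssh.org diffie-hellman-group-exchange-sha256"
ALLOW_MACS="hmac-sha2-512-etm@openssh.com hmac-sha2-256-etm@openssh.com umac-128-etm@openssh.com"

# Constructed sample input: mixed keyword case, "=" separator, no MACs line.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sshd_config fragment
  ciphers aes256-ctr,aes128-cbc,3des-cbc
KexAlgorithms=curve25519-sha256,diffie-hellman-group1-sha1
EOF
}

# audit_sshd_algos FILE: print one finding per line; print nothing if clean.
audit_sshd_algos() {
    awk -v c="$ALLOW_CIPHERS" -v k="$ALLOW_KEX" -v m="$ALLOW_MACS" '
    function load(key, list,    n, i, a) {
        n = split(list, a, " ")
        for (i = 1; i <= n; i++) ok[key, a[i]] = 1
        order[++nkeys] = key; want[key] = 1
    }
    BEGIN { FS = "[ \t=]+"; load("ciphers", c); load("kexalgorithms", k); load("macs", m) }
    { sub(/^[ \t]+/, "") }                  # drop indentation (re-splits the fields)
    /^#/ || NF == 0 { next }                # skip comments and blank lines
    {
        key = tolower($1)                   # keywords are case-insensitive
        if (!(key in want) || (key in seen)) next   # the first value obtained is used
        seen[key] = 1
        if ($2 ~ /^[-+^]/) {                # newer OpenSSH: modifies the default set
            print key ": list starts with \"" substr($2, 1, 1) "\" and edits the defaults instead of replacing them"
            next
        }
        n = split($2, algo, ",")
        for (i = 1; i <= n; i++)
            if (!((key, algo[i]) in ok)) print key ": " algo[i] " is not on the allowlist"
    }
    END {
        for (i = 1; i <= nkeys; i++)
            if (!(order[i] in seen)) print order[i] ": not set, built-in defaults apply"
    }' "$1"
}

tmp=$(mktemp); write_sample "$tmp"; audit_sshd_algos "$tmp"
rm -f "$tmp"
```

On a live server, `sshd -T` prints the effective configuration, including these three lists after defaults are applied.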