RHEL - Why does SSH connection select aes128-ctr cipher over aes256-ctr by default?
Issue
- SSH connections by default appear to be using
aes128-ctrwhenaes256-ctris more secure. -
RHEL 8 default order of ciphers in
/etc/ssh/ssh_configfile.# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc -
RHEL 7 default order of ciphers in
/etc/ssh/ssh_configfile.# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
Environment
- Red Hat Enterprise Linux (RHEL) 8
- Red Hat Enterprise Linux (RHEL) 7
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.
