On 06/06/2014 12:30 PM, Hubert Kario wrote:
----- Original Message -----
> From: "Florian Weimer" <fweimer(a)redhat.com>
> To: security(a)lists.fedoraproject.org
> Sent: Friday, June 6, 2014 10:58:17 AM
> Subject: Re: available crypto policies
>
> On 06/05/2014 04:41 PM, Eric H. Christensen wrote:
>
>> Who still uses 1024-bit keys? You aren't finding a CA to sign them.
>
> By default, sshd uses 1024 bits for the protocol 1 ephemeral server key.
Isn't version 1 completely broken and you shouldn't use it at all?
Just like SSLv2?
Yes, it's disabled by default.
--
Florian Weimer / Red Hat Product Security Team