Re-add AES-CBC ciphers to the default cipher list on the server.

PR:		207679

3 files changed, 12 insertions, 4 deletions

diff --git a/crypto/openssh/FREEBSD-upgrade b/crypto/openssh/FREEBSD-upgrade
index 7acd51fbe663..43e2a743537e 100644
--- a/crypto/openssh/FREEBSD-upgrade
+++ b/crypto/openssh/FREEBSD-upgrade
@@ -1,4 +1,3 @@
-
 	    FreeBSD maintainer's guide to OpenSSH-portable
 	    ==============================================
 
@@ -166,6 +165,13 @@
    ignore HPN-related configuration options to avoid breaking existing
    configurations.
 
+A) AES-CBC
+
+   The AES-CBC ciphers were removed from the server-side proposal list
+   in 6.7p1 due to theoretical weaknesses and the availability of
+   superior ciphers (including AES-CTR and AES-GCM).  We have re-added
+   them for compatibility with third-party clients.
+
 
 
 This port was brought to you by (in no particular order) DARPA, NAI
diff --git a/crypto/openssh/myproposal.h b/crypto/openssh/myproposal.h
index 7a8b43228175..d286691ebb21 100644
--- a/crypto/openssh/myproposal.h
+++ b/crypto/openssh/myproposal.h
@@ -113,10 +113,11 @@
 #define KEX_SERVER_ENCRYPT \
 	"chacha20-poly1305@openssh.com," \
 	"aes128-ctr,aes192-ctr,aes256-ctr" \
-	AESGCM_CIPHER_MODES
+	AESGCM_CIPHER_MODES \
+	",aes128-cbc,aes192-cbc,aes256-cbc"
 
 #define KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT "," \
-	"aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc"
+	"3des-cbc"
 
 #define KEX_SERVER_MAC \
 	"umac-64-etm@openssh.com," \
diff --git a/crypto/openssh/sshd_config.5 b/crypto/openssh/sshd_config.5
index baed664fc1f8..cc43aad6c86a 100644
--- a/crypto/openssh/sshd_config.5
+++ b/crypto/openssh/sshd_config.5
@@ -482,7 +482,8 @@ The default is:
 .Bd -literal -offset indent
 chacha20-poly1305@openssh.com,
 aes128-ctr,aes192-ctr,aes256-ctr,
-aes128-gcm@openssh.com,aes256-gcm@openssh.com
+aes128-gcm@openssh.com,aes256-gcm@openssh.com,
+aes128-cbc,aes192-cbc,aes256-cbc
 .Ed
 .Pp
 The list of available ciphers may also be obtained using the