cnst [cnst.su] writes:
What has been planned for a long time now [twitter.com], prior to the infamous Heartbleed fiasco of OpenSSL (which does not affect SSH at all), is now officially a reality [gmane.org] — with the help of some recently adopted crypto from DJ Bernstein [slashdot.org], OpenSSH now finally has a compile-time option [bxr.su] to no longer depend on OpenSSL — `make OPENSSL=no` has now been introduced [twitter.com] for a reduced-configuration OpenSSH to be built without OpenSSL, which would leave you [twitter.com] with no legacy SSH-1 baggage at all, and on the SSH-2 front with only AES-CTR [bxr.su] and chacha20+poly1305 [bxr.su] ciphers [bxr.su], ECDH/curve25519 key exchange [bxr.su] and Ed25519 public keys [bxr.su].