|
|
|
|
|
|
by throw0101a
678 days ago
|
|
|
> SSH by default isn't Yes, and that's fine. But if SSH mandated a certain thing and disallowed even admins to change it it would be the equivalent problem. It's Ubuntu preventing the use of anything but "SafeCurves" that's the problem. If Ubuntu/Canonical want to use them—fine. (Maybe.†) But don't disable the functionality for admins. † Some regulated industries need to use certain Approved Algorithms, which may or may not include your favourite ones. Further there may be all sorts of other (workflow) tooling that may not support your favourite ones either, and forcing your favourites on other people (especially taking away other options) is a jerk move. |
|
|
The TLS 1.2 -> 1.3 upgrade also disallowed a lot of previously used things, and this was generally considered to be a great improvement (though of course TLS endpoints can be backwards-compatible).