From ae6fbf2d866d4e81298d602dbbd91c7a9a2cff18 Mon Sep 17 00:00:00 2001
From: Charles Herlin <charles.herlin@corp.ovh.com>
Date: Fri, 10 Nov 2017 14:48:51 +0100
Subject: [PATCH] Update ciphers list in 9.3.11 with latest chacha20 and gcm
 ciphers

---
 bin/hardening/9.3.11_sshd_ciphers.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bin/hardening/9.3.11_sshd_ciphers.sh b/bin/hardening/9.3.11_sshd_ciphers.sh
index c521cc0..e528b35 100755
--- a/bin/hardening/9.3.11_sshd_ciphers.sh
+++ b/bin/hardening/9.3.11_sshd_ciphers.sh
@@ -14,7 +14,7 @@ set -u # One variable unset, it's over
 HARDENING_LEVEL=2
 
 PACKAGE='openssh-server'
-OPTIONS='Ciphers=aes128-ctr,aes192-ctr,aes256-ctr'
+OPTIONS='Ciphers=chacha20-poly1305@openssh\.com,aes256-gcm@openssh\.com,aes128-gcm@openssh\.com,aes256-ctr,aes192-ctr,aes128-ctr'
 FILE='/etc/ssh/sshd_config'
 
 # This function will be called if the script status is on enabled / audit mode