Add newly-validated version and mention disabling chacha20-poly1305@openssh.com

Mathieu Simon 2023-12-21 14:18:30 +01:00
parent 151e22fa83
commit 4c837f1dea

@ -27,6 +27,8 @@ aes256-gcm@openssh.com
chacha20-poly1305@openssh.com
```
In order to work around [CVE-2023-48795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795) you can also disable `chacha20-poly1305@openssh.com`.
### KEX
Leave the following key exchange algorithms (KEX) enabled and disable the remaining ones:
@ -64,6 +66,7 @@ At least DSM version 7.2 doesn't allow you reaching a perfect score, since neith
## Validated versions
| DSM | ssh-audit |
| ---------------------- | ------------- |
| ----------------------- | ------------- |
| DSM 7.2.1-69057 Update 3 | [master @ c8e075ad13516b59ab30461d2590c3403e3379e8 ](https://github.com/jtesta/ssh-audit/commit/c8e075ad13516b59ab30461d2590c3403e3379e8) |
| DSM 7.2.1-69057 | [master @ 02ab487232de438c0811116f2676cb1c9b5f3d62 ](https://github.com/jtesta/ssh-audit/commit/02ab487232de438c0811116f2676cb1c9b5f3d62) |
| DSM 7.2-64570 Update 3 | |