X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:subject:to:references:from:message-id:date
	:mime-version:in-reply-to:content-type
	:content-transfer-encoding; q=dns; s=default; b=UlVt/QakBB6vTKXq
	oGsMgPbbx43YtKks4BA5RZLSLsdUfhGa2o10jydbRSh79cLE14hlLaIqGkyrrQv+
	s7dvRk8hf5UADjVOGR1uNaBoZs5dmbc/8Js6GMbAhMgIbn7tvcLMoilVzE+61MxN
	F/CwYVxbuO+1AJ6BAAV2x0jwUO8=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:subject:to:references:from:message-id:date
	:mime-version:in-reply-to:content-type
	:content-transfer-encoding; s=default; bh=i7gvnAgpgylHE6xVf7pcbM
	rbCeM=; b=e1n8OXl4Q1L44eyWW524/6X3ARz4bQby7GmTObWIgW5yrmhy1/ECON
	d7BhxA99PAFvOZCM/rn7jQrZJAN8E6TtKl5o4a333tYec8e7qqU/Iyoydhn/wvHj
	IALIiu5VfEVbk2p3nJ24vtNMPyCmCxv3M4iueJ9KisjzubYIsdnnQ=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=1.0 required=5.0 tests=AWL,BAYES_50,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,RCVD_IN_SORBS_SPAM,SPF_PASS autolearn=no version=3.3.2 spammy=outward, txt, sheer, U*cygsimple
X-HELO: mail-io0-f195.google.com
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;        d=1e100.net; s=20161025;        h=x-gm-message-state:subject:to:references:from:message-id:date         :user-agent:mime-version:in-reply-to:content-transfer-encoding;        bh=bU2Hp2dt/yRKu272ZFIMr9BwVjCBZiTDiuuoLmB6B5c=;        b=YZMV3YVVt4dtzFtXeno/NgUVtsnitNzKxoYqoPKBBDGzqzZ/b/s6ZYbly8aWZmlp+8         qV84K9DaMf9C3wcOwwKjtPgMl5VWNguMTRvKOVVE/2OYh889BKnuuQxELqSCRIO/rHVK         gJW7qCw/9O9QMF8VgckDBWu30/3hKc6043EUF0H0QKlrEXE31y738PlUqffrAlembm/A         PvcRZ5HaNDYY5N33ceGSzM6TAyrLOq7e8BJ1IUR1+UYWNfeyDMk5NRH8FlMwaF2XG2dS         CpVpChuoL2HboTpEnecDTi+PxDbLX438+LuzAdXBuOBYD2akADFscQyYs+q/5jMgLHo+         fz0g==
X-Gm-Message-State: AFeK/H0asbSECLYYl+WQxgpHdoPHZaEBEtsdj8ivlTM+HJaWQVhoNrZaDdEfJZco04oe3g==
X-Received: by 10.107.19.196 with SMTP id 65mr20822040iot.191.1491308770083;        Tue, 04 Apr 2017 05:26:10 -0700 (PDT)
Subject: Re: Downgrade opensshh from 7.4 to 5.1?
To: cygwin AT cygwin DOT com
References: <CA+XsFcEFOjSHq7J9kbFCdd6bZndcxKmipvmEFXdKGFP2gYCqKA AT mail DOT gmail DOT com> <9894fed9-9416-d3cf-71c6-3640291c59ac AT gmail DOT com> <CANnLRdiHY-UnkbLtxCy0NVGrTcOCN0ZgoQmMt0qaM2BWZnCoFg AT mail DOT gmail DOT com>
From: cyg Simple <cygsimple AT gmail DOT com>
Message-ID: <86046d97-ecc0-ce4e-def4-43becdb1347c@gmail.com>
Date: Tue, 4 Apr 2017 08:25:55 -0400
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <CANnLRdiHY-UnkbLtxCy0NVGrTcOCN0ZgoQmMt0qaM2BWZnCoFg@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-IsSubscribed: yes

On 4/3/2017 12:23 PM, Stephen John Smoogen wrote:
> On 3 April 2017 at 11:03, cyg Simple <cygsimple AT gmail DOT com> wrote:
>> On 4/3/2017 10:45 AM, Kleine Raphael wrote:
>>> Hello
>>>
>>> My client can not support OpenSSH_7.2p2 (OpenSSL 1.0.2h  3 May 2016)
>>> and I must downgrade the server to OpenSSH_5.1p1 (OpenSSL 0.9.8l 5 Nov
>>> 2009)
>>>
>>
>> Explain more the "can not support".
>>
> 
> While I agree we need more information, this may be one of the cases
> where a person is trying to be circumspect due to other policies.
> 
> I think that the OpenSSH after 6.9 started dropping support for older
> algorithms (https://www.openssh.com/txt/release-7.0) . If you are
> using SSH to manage various industrial equipment then you are pretty
> much stuck with using older SSH because the equipment may only support
> RC4 or maybe only has keys of 512 or 768 bits. [Trying to get an
> industrial manufacturer to update equipment is a multi-decade process.
> They may have just started creating hardware which has SSH vs straight
> telnet and they won't update to a newer version of SSH until 2028 :/]

That may be true except for PCI compliance[1] where every piece of
equipment between the processor and computer needs to be 1024 bit
standard.  I'm well aware of the fact that the change takes time even in
my own professional job there are still certificates that carry the 512
bit cert data.  That doesn't mean the business is not trying to upgrade
but due to the sheer mass of computers running the business there are a
few with OLD, OUT-OF-DATE hardware and OS.  However where the business
is outward facing the whole process has been updated without delay.

[1]
https://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard

-- 
cyg Simple

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple