nixos/sshd: Remove algorithms that do MAC-then-encrypt

Algorithms with the -etm suffix calculate the MAC after encryption,
which is generally considered safer.
This commit is contained in:
Martin Weinelt 2023-05-10 23:04:17 +02:00 committed by Matthieu Coudron
parent a9611f3429
commit 537d611a75

View file

@ -365,9 +365,6 @@ in
"hmac-sha2-512-etm@openssh.com"
"hmac-sha2-256-etm@openssh.com"
"umac-128-etm@openssh.com"
"hmac-sha2-512"
"hmac-sha2-256"
"umac-128@openssh.com"
];
description = lib.mdDoc ''
Allowed MACs