Remix.run Logo
lousken a day ago

That sucks, that means they will still appear in audits, they should remove them from the default.

a day ago | parent | next [-]
[deleted]
PunchyHamster a day ago | parent | prev [-]

OpenSSH thankfully cares little for corporate security theathre

But I can sympathise, our stuff got flagged in audit because we foolishly assumed that some requirement was checked by just having OpenSSH "new enough",but it turned out that RedHat for that RHEL version patched back some old considered insecure primitives to keep their customers happy...

lousken a day ago | parent | next [-]

It would be nice to have defaults that are following regulations because it sucks to have and maintain explicit list. If it would be a simple toggle - secureciphersonly=yes sure, but listing them is just creating tech debt.

ok123456 a day ago | parent | prev [-]

aka FIPS.