1 files changed, 21 insertions, 8 deletions
diff --git a/ssh.1 b/ssh.1
index ff08013bb..4fef3d587 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.130 2001/08/22 16:21:21 stevesk Exp $
+.\" $OpenBSD: ssh.1,v 1.131 2001/08/22 17:45:16 stevesk Exp $
 .Dd September 25, 1999
 .Dt SSH 1
 .Os
@@ -389,20 +389,24 @@ This can also be specified on a per-host basis in a configuration file.
 .It Fl b Ar bind_address
 Specify the interface to transmit from on machines with multiple
 interfaces or aliased addresses.
-.It Fl c Ar blowfish|3des
+.It Fl c Ar blowfish|3des|des
 Selects the cipher to use for encrypting the session.
 .Ar 3des
 is used by default.
 It is believed to be secure.
 .Ar 3des
 (triple-des) is an encrypt-decrypt-encrypt triple with three different keys.
-It is presumably more secure than the
-.Ar des
-cipher which is no longer fully supported in
-.Nm ssh .
 .Ar blowfish
 is a fast block cipher, it appears very secure and is much faster than
 .Ar 3des .
+.Ar des
+is only supported in the
+.Nm
+client for interoperability with legacy protocol 1 implementations
+that do not support the
+.Ar 3des
+cipher.  Its use is strongly discouraged due to cryptographic
+weaknesses.
 .It Fl c Ar cipher_spec
 Additionally, for protocol version 2 a comma-separated list of ciphers can
 be specified in order of preference.
@@ -714,10 +718,19 @@ The default is
 Specifies the cipher to use for encrypting the session
 in protocol version 1.
 Currently,
-.Dq blowfish
+.Dq blowfish ,
+.Dq 3des ,
 and
-.Dq 3des
+.Dq des
 are supported.
+.Ar des
+is only supported in the
+.Nm
+client for interoperability with legacy protocol 1 implementations
+that do not support the
+.Ar 3des
+cipher.  Its use is strongly discouraged due to cryptographic
+weaknesses.
 The default is
 .Dq 3des .
 .It Cm Ciphers

diff --git a/ssh.1 b/ssh.1 index ff08013bb..4fef3d587 100644 --- a/ssh.1 +++ b/ssh.1
@@ -34,7 +34,7 @@
34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	.\"	36	.\"
37	.\" $OpenBSD: ssh.1,v 1.130 2001/08/22 16:21:21 stevesk Exp $	37	.\" $OpenBSD: ssh.1,v 1.131 2001/08/22 17:45:16 stevesk Exp $
38	.Dd September 25, 1999	38	.Dd September 25, 1999
39	.Dt SSH 1	39	.Dt SSH 1
40	.Os	40	.Os
@@ -389,20 +389,24 @@ This can also be specified on a per-host basis in a configuration file.
389	.It Fl b Ar bind_address	389	.It Fl b Ar bind_address
390	Specify the interface to transmit from on machines with multiple	390	Specify the interface to transmit from on machines with multiple
391	interfaces or aliased addresses.	391	interfaces or aliased addresses.
392	.It Fl c Ar blowfish\|3des	392	.It Fl c Ar blowfish\|3des\|des
393	Selects the cipher to use for encrypting the session.	393	Selects the cipher to use for encrypting the session.
394	.Ar 3des	394	.Ar 3des
395	is used by default.	395	is used by default.
396	It is believed to be secure.	396	It is believed to be secure.
397	.Ar 3des	397	.Ar 3des
398	(triple-des) is an encrypt-decrypt-encrypt triple with three different keys.	398	(triple-des) is an encrypt-decrypt-encrypt triple with three different keys.
399	It is presumably more secure than the
400	.Ar des
401	cipher which is no longer fully supported in
402	.Nm ssh .
403	.Ar blowfish	399	.Ar blowfish
404	is a fast block cipher, it appears very secure and is much faster than	400	is a fast block cipher, it appears very secure and is much faster than
405	.Ar 3des .	401	.Ar 3des .
		402	.Ar des
		403	is only supported in the
		404	.Nm
		405	client for interoperability with legacy protocol 1 implementations
		406	that do not support the
		407	.Ar 3des
		408	cipher. Its use is strongly discouraged due to cryptographic
		409	weaknesses.
406	.It Fl c Ar cipher_spec	410	.It Fl c Ar cipher_spec
407	Additionally, for protocol version 2 a comma-separated list of ciphers can	411	Additionally, for protocol version 2 a comma-separated list of ciphers can
408	be specified in order of preference.	412	be specified in order of preference.
@@ -714,10 +718,19 @@ The default is
714	Specifies the cipher to use for encrypting the session	718	Specifies the cipher to use for encrypting the session
715	in protocol version 1.	719	in protocol version 1.
716	Currently,	720	Currently,
717	.Dq blowfish	721	.Dq blowfish ,
		722	.Dq 3des ,
718	and	723	and
719	.Dq 3des	724	.Dq des
720	are supported.	725	are supported.
		726	.Ar des
		727	is only supported in the
		728	.Nm
		729	client for interoperability with legacy protocol 1 implementations
		730	that do not support the
		731	.Ar 3des
		732	cipher. Its use is strongly discouraged due to cryptographic
		733	weaknesses.
721	The default is	734	The default is
722	.Dq 3des .	735	.Dq 3des .
723	.It Cm Ciphers	736	.It Cm Ciphers