HEADS-UP: OpenSSH DSA keys are deprecated in 12.0 and 11.0
Matthew Seaman
m.seaman at infracaninophile.co.uk
Fri Aug 5 08:48:20 UTC 2016
On 08/05/16 03:09, Glen Barber wrote:
> On Fri, Aug 05, 2016 at 01:59:18AM +0000, Glen Barber wrote:
>> This is a heads-up that OpenSSH keys are deprecated upstream by OpenSSH,
>> and will be deprecated effective 11.0-RELEASE (and preceeding RCs).
>>
>
> Stupid editor mistake. OpenSSH DSA keys are deprecated upstream. Sorry
> for any confusion.
>
>> Please see r303716 for details on the relevant commit, but upstream no
>> longer considers them secure. Please replace DSA keys with ECDSA or RSA
I believe ED25519 keys are also a preferred type.
>> keys as soon as possible, otherwise there will be issues when upgrading
>> from 11.0-BETA4 to the subsequent 11.0 build, but most definitely the
>> 11.0-RELEASE build.
>>
>
> Glen
> On behalf of: re@ and secteam@
>
Cheers,
Matthew
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-current/attachments/20160805/a7357481/attachment.sig>
More information about the freebsd-current
mailing list