You're almost there! Please answer a few more questions for access to the Applications content. Complete registration
Interested in joining? Complete your registration by providing Areas of Interest here. Register

How To Disable Weak Ciphers such as Cipher Block Chaining (CBC) Ciphers on Oracle Linux

edited Mar 6, 2023 5:09AM in Linux

It is possible to limit what ciphers can be used with the ssh service on Linux distributions, and weak ciphers, such as CBC ciphers and the HMAC MD5 algorithms can be disabled.

To disable weak ciphers, such as CBC ciphers and insecure HMAC algorithms, use the following procedures:

Oracle Linux 8 and 9

The list of available ciphers may be obtained using the ssh -Q cipher command:

# ssh -Q cipher

The list of available MAC algorithms may be obtained using the ssh -Q mac command: 

# ssh -Q mac

To disable weak ciphers and insecure HMAC algorithms in ssh service in Oracle Linux 8 or 9, follow the instructions below:

Howdy, Stranger!

Log In

To view full details, sign in.

Register

Don't have an account? Click here to get started!