
Oracle Linux: How to Disable CBC Ciphers in SSHd server on Oracle Linux 8/9

Applies to: 

Oracle Cloud Infrastructure - Version N/A and later 

Linux x86-64 

Oracle Linux 8 – Oracle Linux 9. 

 

Goal: 

Disable CBC ciphers in the OpenSSH server on Oracle Linux 8 and Oracle Linux 9.

Solution

Follow the steps below as the root user:

1) Create the DISABLE-CBC.pmod sub-policy file with the following content:

 
# vi /etc/crypto-policies/policies/modules/DISABLE-CBC.pmod 

cipher@ssh = -AES-192-CBC -AES-128-CBC -AES-256-CBC -3DES-CBC 
cipher = -AES-128-CBC -AES-192-CBC -AES-256-CBC -3DES-CBC 
mac = HMAC-SHA2-256 HMAC-SHA2-384 HMAC-SHA2-512 
hash = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512 

2) Check the current policy:

# update-crypto-policies --show 
DEFAULT 
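
To confirm what the SSH daemon actually offers, check the effective configuration printed by `sshd -T` before and after changing the policy. The script below is an added example, not part of the Oracle note: it parses the `ciphers` line and reports any CBC-mode ciphers still offered. The function names and the sample inputs are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the Oracle note): audit sshd's effective cipher list.

# Print every CBC-mode cipher on the "ciphers" line of `sshd -T` output (stdin).
# Exit status: 0 = ciphers line found, 2 = no ciphers line (input is not sshd -T output).
list_cbc_ciphers() {
    awk '
        tolower($1) == "ciphers" {
            found = 1
            n = split($2, c, ",")
            for (i = 1; i <= n; i++)
                if (c[i] ~ /-cbc/) print c[i]
        }
        END { exit (found ? 0 : 2) }
    '
}

# Return 0 if no CBC cipher is offered, 1 if any remain, 2 if the input is unusable.
check_no_cbc() {
    local remaining
    remaining=$(list_cbc_ciphers) || return 2
    if [ -n "$remaining" ]; then
        # Intentional word splitting: one message per remaining cipher.
        printf 'CBC cipher still offered: %s\n' $remaining >&2
        return 1
    fi
    return 0
}

# Constructed sample inputs shaped like `sshd -T` output (not captured from a real host).
SAMPLE_BEFORE='port 22
ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc
macs hmac-sha2-256,hmac-sha2-512'
SAMPLE_AFTER='port 22
ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr
macs hmac-sha2-256,hmac-sha2-512'

# Demo on the constructed samples.
printf '%s\n' "$SAMPLE_BEFORE" | check_no_cbc || echo "before: exit status $?"
printf '%s\n' "$SAMPLE_AFTER" | check_no_cbc && echo "after: no CBC ciphers offered"
# On a live host, as root: sshd -T | check_no_cbc
```

Exit status 2 separates "no ciphers line in the input" from "no CBC ciphers", so an empty or failed `sshd -T` run is not mistaken for a clean result.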
