ssh cannot use modern cipher due to linking to prehistoric OpenSSL/OSSLShim 0.9.8 from 2011

Originator: pepi.zawodsky
Number: rdar://15433594
Date Originated: 2013-11-10
Status: open
Resolved:
Product: ssh, OS X Mavericks
Product Version: OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
Classification: security
Reproducible: always
 
Summary:
ssh provided with OS X Mavericks is linked against a prehistoric version of OpenSSL/OSSLShim 0.9.8r from 2011. This prevents the use of secure and modern ciphers and HMACs with ssh.

Steps to Reproduce:
Add aes128-gcm@openssh.com,aes256-gcm@openssh.com as preferred ciphers to /etc/sshd_config or /etc/ssh_config or ~/.ssh/config.
Upon trying to connect, ssh complains about an illegal cipher setting and will refuse to run.
Checking man 5 ssh_config in the Cipher section shows an example with aes128-gcm@openssh.com,aes256-gcm@openssh.com suggesting that these ciphers actually should work.

Since AES-GCM was only added in OpenSSL 1.0.1, this can't work. So either the man page gives misleading (and hence frustrating) information or, as is actually the case, ssh is linked against a prehistoric version of OpenSSL from 2011, preventing the use of AES-GCM.

Expected Results:
AES-GCM should be available as a working cipher as the documentation suggests.


Actual Results:
Trying to use aes128-gcm@openssh.com,aes256-gcm@openssh.com as ciphers results in an error message about an illegal cipher setting.

Version:
OS X 10.9 Mavericks 13A603
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011

Notes:
SSH should be immediately updated to the current 6.4 release to work around CVE-2013-4548 AND be linked against the _current_ openssl 1.0.1 version enabling the use of secure ciphers and MACs.

Not being able to have an as-secure-as-possible SSH environment on OS X is absolutely not acceptable due to the US Government's and NSA's attacks on human rights, information security, and computer systems, which require the use of secure and modern ciphers.
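
A check for the mismatch described in this report, as an added example that is not part of the original report or of any Apple or OpenSSH code: it parses an `ssh -V` banner and lists the configured AES-GCM ciphers the linked library cannot provide, relying on the report's statement that AES-GCM needs OpenSSL 1.0.1. The function names are hypothetical.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; the banner is the one
# quoted in the report above.

# Extract the crypto library version (e.g. "0.9.8r") from an `ssh -V` banner.
banner_lib_version() {
    printf '%s\n' "$1" |
        sed -n 's/^.*, *[A-Za-z]* \([0-9][0-9.]*[a-z]*\).*$/\1/p'
}

# Succeed if version $1 >= version $2, comparing dotted numeric fields and
# ignoring a trailing patch letter such as the "r" in 0.9.8r.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        sub(/[a-z]+$/, "", a); sub(/[a-z]+$/, "", b)
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Print every *-gcm@openssh.com entry of a comma-separated cipher list that
# the library named in the banner cannot back. Returns 2 if the banner
# carries no recognisable library version.
unsupported_gcm_ciphers() {
    lib=$(banner_lib_version "$1")
    if [ -z "$lib" ]; then
        echo "cannot determine crypto library version" >&2
        return 2
    fi
    if version_ge "$lib" 1.0.1; then
        return 0    # per the report, AES-GCM is available from 1.0.1 on
    fi
    printf '%s\n' "$2" | tr ',' '\n' | grep -- '-gcm@openssh\.com$' || true
}

# Demo with the banner from the report; on a live host pass "$(ssh -V 2>&1)".
unsupported_gcm_ciphers \
    "OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011" \
    "aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes256-ctr"
```
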
