| Age | Commit message (Expand) | Author |
|---|
| 2022-03-30 | select post-quantum KEX sntrup761x25519-sha512@openssh.com as the | Damien Miller |
| 2021-11-10 | add the sntrup761x25519-sha512@openssh.com hybrid ECDH/x25519 + | Damien Miller |
| 2021-08-29 | After years of forewarning, disable the RSA/SHA-1 signature algorithm | Damien Miller |
| 2020-10-03 | prefer ed25519 signature algorithm variants to ECDSA; ok markus@ | Damien Miller |
| 2020-01-24 | remove ssh-rsa (SHA1) from the list of allowed CA signature algorithms | Damien Miller |
| 2020-01-23 | Remove unsupported algorithms from list of defaults at run time and | Darren Tucker |
| 2020-01-22 | remove diffie-hellman-group14-sha1 from default kex to see what happens. | Ted Unangst |
| 2019-12-16 | sort sk-* methods behind their plain key methods cousins for now | Damien Miller |
| 2019-12-15 | allow security keys to act as host keys as well as user keys. | Damien Miller |
| 2019-12-10 | add security key types to list of keys allowed to act as CAs; | Damien Miller |
| 2019-11-12 | enable ed25519 support; ok djm | Markus Friedl |
| 2019-11-01 | remove duplicate PUBKEY_DEFAULT_PK_ALG on !WITH_OPENSSL path | Damien Miller |
| 2019-10-31 | Separate myproposal.h userauth pubkey types | Damien Miller |
| 2019-02-23 | openssh-7.9 accidentally reused the server's algorithm lists in the | Damien Miller |
| 2018-09-12 | add SSH_ALLOWED_CA_SIGALGS - the default list of signature algorithms | Damien Miller |
| 2018-07-03 | Improve strictness and control over RSA-SHA2 signature types: | Damien Miller |
| 2017-05-07 | Don't offer CBC ciphers by default in the client. ok markus@ | Damien Miller |
| 2016-09-28 | Remove support for pre-authentication compression. Doing compression | Damien Miller |
| 2016-09-22 | support plain curve25519-sha256 KEX algorithm now that it is | Damien Miller |
| 2016-09-05 | remove 3des-cbc from the client's default proposal; 64-bit block ciphers | Damien Miller |
| 2016-05-02 | add support for additional fixed DH groups from | Damien Miller |
| 2016-02-09 | turn off more old crypto in the client: hmac-md5, ripemd, truncated | Damien Miller |
| 2015-12-05 | prefer rsa-sha2-512 over -256 for hostkeys, too; noticed by naddy@ | Markus Friedl |
| 2015-12-04 | implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures (user and host auth) | Markus Friedl |
| 2015-07-10 | Turn off DSA by default; add HostKeyAlgorithms to the server and | Markus Friedl |
| 2015-07-03 | turn off 1024 bit diffie-hellman-group1-sha1 key exchange method | Damien Miller |
| 2015-07-03 | delete support for legacy v00 certificates; "sure" markus@ dtucker@ | Damien Miller |
| 2015-05-27 | Reorder client proposal to prefer diffie-hellman-group-exchange-sha1 over | Darren Tucker |
| 2015-04-21 | Add back a backslash removed in rev 1.42 so KEX_SERVER_ENCRYPT will | Jonathan Gray |
| 2015-03-24 | promote chacha20-poly1305@openssh.com to be the default cipher; | Damien Miller |
| 2014-07-11 | by popular demand, add back hamc-sha1 to server proposal for better compat | Ted Unangst |
| 2014-04-30 | UMAC can use our local fallback implementation of AES when OpenSSL isn't | Christian Weisgerber |
| 2014-04-29 | make compiling against OpenSSL optional (make OPENSSL=no); | Markus Friedl |
| 2014-03-27 | disable weak proposals in sshd, but keep them in ssh; ok djm@ | Markus Friedl |
| 2014-03-26 | The current sharing of myproposal[] between both client and server code | Theo de Raadt |
| 2014-03-25 | trimm default proposals. | Markus Friedl |
| 2013-12-06 | support ed25519 keys (hostkeys and user identities) using the public domain | Markus Friedl |
| 2013-11-21 | Add a new protocol 2 transport cipher "chacha20-poly1305@openssh.com" | Damien Miller |
| 2013-11-02 | use curve25519 for default key exchange (curve25519-sha256@libssh.org); | Markus Friedl |
| 2013-01-08 | support AES-GCM as defined in RFC 5647 (but with simpler KEX handling) | Markus Friedl |
| 2012-12-11 | add encrypt-then-mac (EtM) modes to openssh by defining new mac algorithms | Markus Friedl |
| 2012-10-04 | add umac128 variant; ok djm@ at n2k12 | Markus Friedl |
| 2012-06-28 | Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs since they were removed | Darren Tucker |
| 2011-08-02 | Add new SHA256 and SHA512 based HMAC modes from | Damien Miller |
| 2010-09-01 | prefer ECDH in a 256 bit curve field; prompted by naddy@ | Damien Miller |
| 2010-08-31 | Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and | Damien Miller |
| 2010-04-16 | revised certificate format ssh-{dss,rsa}-cert-v01@openssh.com with the | Damien Miller |
| 2010-02-26 | Add support for certificate key types for users and hosts. | Damien Miller |
| 2009-01-23 | prefer CTR modes and revised arcfour (i.e w/ discard) modes to CBC | Damien Miller |
| 2007-06-07 | Add a new MAC algorithm for data integrity, UMAC-64 (not default yet, must | Peter Valchev |
