• Hirom@beehaw.org
    link
    fedilink
    arrow-up
    1
    ·
    edit-2
    11 months ago

    Different timelines could be set for client and server, for instance by disabling RSA by default for server software first, and 2 years later for client software.

    As the article explain, optional doesn’t mean it’s gone. Distributions can and already distribute a separate version for OpenSSH with old algorithms (eg for sshv1) for people forced to work with old servers. Even if distributions do not, anyone can also build OpenSSH themselves with whatever option they want.