T507: Add new OpenSSH ciphers

1 files changed, 10 insertions, 5 deletions

diff --git a/templates/service/ssh/ciphers/node.def b/templates/service/ssh/ciphers/node.def
index 0394b8e4..b5e5af68 100644
--- a/templates/service/ssh/ciphers/node.def
+++ b/templates/service/ssh/ciphers/node.def
@@ -1,21 +1,26 @@
 type: txt
 help: Allowed ciphers
 val_help: txt; Cipher string
-val_help: 3des-cbc; 3DES CBC
+val_help: aes128-gcm@openssh.com; AES 128 GCM
+val_help: aes256-gcm@openssh.com; AES 256 GCM
+val_help: chacha20-poly1305@openssh.com; ChaCha20 Poly1305
+val_help: 3des-cbc; 3DES CBC (weak)
 val_help: aes128-cbc; AES 128 CBC
 val_help: aes192-cbc; AES 192 CBC
 val_help: aes256-cbc; AES 256 CBC
 val_help: aes128-ctr; AES 128 CTR
 val_help: aes192-ctr; AES 192 CTR
 val_help: aes256-ctr; AES 256 CTR
-val_help: arcfour128; AC4 128
-val_help: arcfour256; AC4 256
-val_help: arcfour; AC4
+val_help: arcfour128; AC4 128 (broken)
+val_help: arcfour256; AC4 256 (broken)
+val_help: arcfour; AC4 (broken)
 val_help: blowfish-cbc; Blowfish CBC
 val_help: cast128-cbc; CAST 128 CBC
 comp_help: Multiple ciphers can be specified as a comma-separated list.
 
-syntax:expression: pattern $VAR(@) "^((3des-cbc|aes128-cbc|aes192-cbc|aes256-cbc|aes128-ctr|aes192-ctr|\
+syntax:expression: pattern $VAR(@) "^((aes128-gcm@openssh.com|\
+aes256-gcm@openssh.com|chacha20-poly1305@openssh.com|\
+3des-cbc|aes128-cbc|aes192-cbc|aes256-cbc|aes128-ctr|aes192-ctr|\
 aes256-ctr|arcfour128|arcfour256|arcfour|\
 blowfish-cbc|cast128-cbc)(,|$))+$"; \
 "$VAR(@) is not a valid cipher list"