Chilkat v184.108.40.206 Mitigates Vulnerability to the SSH Terrapin Attack
Chilkat v220.127.116.11 makes changes to mitigate the Terrapin attack problem.
It does so by modifying the selection of the default algorithms in the following ways:
- email@example.com is no longer included by default. It can be re-added by specifying “+firstname.lastname@example.org” in the UncommonOptions property.
- We are going to keep the “-cbc” encryption modes because potentially too many servers would be affected by eliminating these encryption algorithms. However, we no longer include the “-etm” MAC algorithms, which are:
The -etm MAC algorithms can be re-added by specifying “+ssh-hmac-etm” in UncommonOptions.
For more information about the Terrapin attack, see https://terrapin-attack.com/
Chilkat (with the above modifications) has been tested using the vulnerability scanner
found at https://github.com/RUB-NDS/Terrapin-Scanner/releases/tag/v1.1.0