4.4 Cipher algorithms
Modules of this type are used by the transport layer in order to encipher and decipher the ssh2 packets transmitted over the network.
Cipher algorithms are specified in rfc4253 and their CTR variants are specified in rfc4344. Both are implemented.
Authenticated ciphers are supported too. When one is selected, the use of a separate message authentication algorithm is unnecessary. In this case, the binary packet format described in rfc5647 is used but the algorithms selection mechanism described for AEAD_AES_128_GCM is broken by design and not implemented. What actually happens is that the MAC algorithm selection is ignored when an authenticated cipher is selected, as specified for the aes128-gcm@openssh.com private algorithm.
Cipher related declarations can be found in assh/assh_cipher.h.
The following cipher algorithms have built-in support:
chacha20-poly1305@openssh.com,
aes128-cbc, aes192-cbc, aes256-cbc,
aes128-ctr, aes192-ctr, aes256-ctr,
arcfour, arcfour128, arcfour256.
When the Libgcrypt library is used, these additional cipher algorithms are available:
serpent128-cbc, serpent192-cbc, serpent256-cbc,
serpent128-ctr, serpent192-ctr, serpent256-ctr,
twofish128-cbc, twofish256-cbc,
twofish128-ctr, twofish256-ctr,
3des-cbc, 3des-ctr,
cast128-cbc, cast128-ctr,
blowfish-cbc, blowfish-ctr.
aes128-gcm@openssh.com, aes256-gcm@openssh.com,
serpent128-gcm@libassh.org, serpent256-gcm@libassh.org,
twofish128-gcm@libassh.org, twofish256-gcm@libassh.org,
camellia128-cbc, camellia192-cbc, camellia256-cbc,
camellia128-ctr, camellia192-ctr, camellia256-ctr,
When the OpenSSL library is used instead, these additional cipher algorithms are available:
3des-cbc,
cast128-cbc,
blowfish-cbc,
aes128-gcm@openssh.com, aes256-gcm@openssh.com,
camellia128-cbc, camellia192-cbc, camellia256-cbc,
camellia128-ctr, camellia192-ctr, camellia256-ctr,