Bitbucket v4.14.4: can not disable ssh ciphers

Due to vulnerables in some ssh ciphers, I put this in bitbucket.properties :

plugin.ssh.disabled.ciphers=arcfour128,arcfour256,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc,blowfish-cbc

After that, these ciphere still enabled:

arcfour256, aes192-cbc, aes256-cbc

The command used to check:

nmap --script ssh2-enum-algos -sV -p 7999 localhost

Why some ciphers from the list still enabled?

1 answer

0 votes

Hi Kiril,

Did you restart Bitbucket Server after the change?

Cheers,

Christian

Premier Support Engineer

Atlassian

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Yes Christian, I restart Bitbucket Server after any change in bitbucket.properties .

After restart some cipheres disappeared, but not all from the list.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.