In TrueNAS-12.0-U1.1 under Services/SSH -> Advanced options there is a configuration option called "Weak Ciphers" with predefined entries with the values "None, AES-128-CBC."
But what isn't said is the meaning of that entry.
Does it mean, that all those ciphers, that are listed in Weak Ciphers are not used and thus deactivated or does it mean, these ciphers are activated by default and used because they are listed?
If the options is there to deactivate these ciphers, i would recommend to rename it to "deactived ciphers" and then list them.
Or better, don't list them, and deactive them by default and if someone wants to activate it, the option should be called "additional activated ciphers to use".
At the moment it is very confusing and the meaning if activated or deactivated is unclear.
The help button is also not of much help, because it only says "Allow more ciphers for sshd(8)..."
and the article from "TrueNAS Documentation Hub/Initial Setup/Networking/SSH Connections" seems to be outdated because there is no option called "weak ciphers", instead there the text talks about something like "Add NoneEnabled no to disable the insecure none cipher.".
But what isn't said is the meaning of that entry.
Does it mean, that all those ciphers, that are listed in Weak Ciphers are not used and thus deactivated or does it mean, these ciphers are activated by default and used because they are listed?
If the options is there to deactivate these ciphers, i would recommend to rename it to "deactived ciphers" and then list them.
Or better, don't list them, and deactive them by default and if someone wants to activate it, the option should be called "additional activated ciphers to use".
At the moment it is very confusing and the meaning if activated or deactivated is unclear.
The help button is also not of much help, because it only says "Allow more ciphers for sshd(8)..."
and the article from "TrueNAS Documentation Hub/Initial Setup/Networking/SSH Connections" seems to be outdated because there is no option called "weak ciphers", instead there the text talks about something like "Add NoneEnabled no to disable the insecure none cipher.".