SSH v1 Protocol Removal: The release removes support for the SSH v1 protocol, which is client-only and currently compile-time disabled.

Blowfish and RC4 Ciphers Removal: Support for Blowfish and RC4 ciphers will be removed as they are currently run-time disabled.

RSA Key Size Restriction: RSA keys smaller than 1024 bits will be refused (the current minimum in FIPS mode).

Privilege Separation Disabled: Running sshd(8) with privilege separation disabled will be unsupported.

DSA v1.0 Protocol Removal: Server support for the DSA v1.0 protocol is removed.

Potential Incompatibility Changes:

- ssh(1): Removes 3des-cbc from the client's default proposal.
- ssh(1): Refuses to load PKCS#11 modules outside a whitelisted path when running setuid root.
- sshd(8): When a forced-command appears in both a certificate and authorized_keys/principals file, sshd(8) now enforces that the two commands match.
- sshd(8): When privilege separation is disabled, forwarded Unix-domain sockets are chowned to the user instead of "root".
- sshd(8): Avoids theoretical leak of host private key material to privilege-separated child processes via realpath().
- sshd(8): Fixes denial-of-service condition where an attacker who sends multiple KEXINIT messages may consume up to 12MB per connection.
- sshd(8): Validates address ranges for Allow/DenyUsers and DenyHosts keywords against IPv6 addresses, not just invalid ones.
- ssh(1), ssh(1): Improves reporting when attempting to load certificates or public keys that have no corresponding bare public key.
- sftp(1): On Mac OS X, waits for underlying ssh(1) to suspend before suspending itself, ensuring it resumes the terminal mode correctly if suspended during a password prompt.
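
A pre-upgrade check for the removals listed above, as an added example (not OpenSSH project code): it flags RSA keys under 1024 bits in authorized_keys text and config lines that enable SSH v1, Blowfish/RC4 ciphers, or disabled privilege separation. It assumes the `Protocol`, `Ciphers` and `UsePrivilegeSeparation` keywords and the `blowfish-*`/`arcfour*` cipher names; the sample keys and config are constructed test input.

```python
import base64
import struct

MIN_RSA_BITS = 1024                       # minimum stated in the notes above
WEAK_PREFIXES = ("blowfish", "arcfour")   # Blowfish and RC4 ("arcfour*") cipher names

def make_rsa_line(bits, comment):
    """Constructed test input: an ssh-rsa line whose modulus is NOT a usable key."""
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")  # leading 0x00: positive mpint
    blob = b"".join(struct.pack(">I", len(p)) + p for p in (b"ssh-rsa", b"\x01\x00\x01", n))
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}"

def rsa_bits(line):
    """Modulus size in bits of an authorized_keys ssh-rsa entry, else None."""
    fields = line.split()
    if line.lstrip().startswith("#") or "ssh-rsa" not in fields[:-1]:
        return None
    blob = base64.b64decode(fields[fields.index("ssh-rsa") + 1])
    off, n = 0, b""
    for _ in range(3):                    # wire order: key type, exponent e, modulus n
        (length,) = struct.unpack_from(">I", blob, off)
        n, off = blob[off + 4:off + 4 + length], off + 4 + length
    return int.from_bytes(n, "big").bit_length()

def audit_keys(text):
    """(line number, bits) for every RSA key below MIN_RSA_BITS."""
    sizes = ((i, rsa_bits(l)) for i, l in enumerate(text.splitlines(), 1))
    return [(i, b) for i, b in sizes if b is not None and b < MIN_RSA_BITS]

def audit_config(text):
    """(line number, reason) for settings the notes list as removed or unsupported."""
    out = []
    for i, raw in enumerate(text.splitlines(), 1):
        words = raw.split("#", 1)[0].replace("=", " ").split()
        if len(words) < 2:
            continue
        key, val = words[0].lower(), "".join(words[1:]).lower()
        if key == "protocol" and "1" in val.split(","):
            out.append((i, "SSH v1 protocol"))
        elif key == "ciphers" and not val.startswith("-"):  # "-list" removes ciphers
            weak = [c for c in val.lstrip("+").split(",") if c.startswith(WEAK_PREFIXES)]
            out += [(i, "removed cipher " + c) for c in weak]
        elif key == "useprivilegeseparation" and val == "no":
            out.append((i, "privilege separation disabled"))
    return out

SAMPLE_KEYS = "\n".join([make_rsa_line(768, "old@host"), make_rsa_line(2048, "new@host")])
SAMPLE_CONFIG = "Protocol 2,1\nCiphers aes128-ctr,blowfish-cbc,arcfour\nUsePrivilegeSeparation no\n"
if __name__ == "__main__":
    print(audit_keys(SAMPLE_KEYS), audit_config(SAMPLE_CONFIG))
```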