===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh.1,v
retrieving revision 1.366
retrieving revision 1.367
diff -u -r1.366 -r1.367
--- src/usr.bin/ssh/ssh.1	2015/11/15 22:26:49	1.366
+++ src/usr.bin/ssh/ssh.1	2016/02/16 05:11:04	1.367
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.366 2015/11/15 22:26:49 jcs Exp $
-.Dd $Mdocdate: November 15 2015 $
+.\" $OpenBSD: ssh.1,v 1.367 2016/02/16 05:11:04 djm Exp $
+.Dd $Mdocdate: February 16 2016 $
 .Dt SSH 1
 .Os
 .Sh NAME
@@ -795,15 +795,9 @@
 and
 .Fl 2
 options (see above).
-Both protocols support similar authentication methods,
-but protocol 2 is the default since
-it provides additional mechanisms for confidentiality
-(the traffic is encrypted using AES, 3DES, Blowfish, CAST128, or Arcfour)
-and integrity (hmac-md5, hmac-sha1,
-hmac-sha2-256, hmac-sha2-512,
-umac-64, umac-128, hmac-ripemd160).
-Protocol 1 lacks a strong mechanism for ensuring the
-integrity of the connection.
+Protocol 2 is the default.
+Protocol 1 should not be used - it suffers from a number of cryptographic
+weaknesses and is only offered to support legacy devices.
 .Pp
 The methods available for authentication are:
 GSSAPI-based authentication,