From 17c6eefddf3524f0c2a88b243e02b4739335557b Mon Sep 17 00:00:00 2001
From: ergosteur <1992147+ergosteur@users.noreply.github.com>
Date: Wed, 19 Nov 2025 02:25:27 -0500
Subject: [PATCH] Add AES-256-CBC cipher option for legacy mode

---
 openssh_protocol_handler.bat | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/openssh_protocol_handler.bat b/openssh_protocol_handler.bat
index 8ce27bf..b84447a 100644
--- a/openssh_protocol_handler.bat
+++ b/openssh_protocol_handler.bat
@@ -142,7 +142,7 @@ REM ============================================================================
     echo.
     SET /P "LEGACY_CHOICE=Enable legacy mode for old devices? (y/N): "
     IF /I "!LEGACY_CHOICE!"=="Y" (
-        SET "LegacyOpts=-o KexAlgorithms=+diffie-hellman-group1-sha1,diffie-hellman-group14-sha1 -o HostKeyAlgorithms=+ssh-rsa -o MACs=+hmac-sha1,hmac-sha1-96"
+        SET "LegacyOpts=-o KexAlgorithms=+diffie-hellman-group1-sha1,diffie-hellman-group14-sha1 -o HostKeyAlgorithms=+ssh-rsa -o MACs=+hmac-sha1,hmac-sha1-96 -o ciphers=+aes256-cbc"
         echo.
         echo [!] Legacy mode enabled. Insecure algorithms will be offered.
     )