Different results based on flag used

[Venefic]

Encountered an interesting thing, not sure if it's a bug or not. But getting different results while using the scanner based on if i use --connect or -connect flags. You can see it in the screenshot attached, both scans performed one after the other without any changes server-side.
Best regards

[TrueSkrillor]

This is interesting, although I doubt that it is related to the different number of dashes for the connect flag. The CLI parsing is completely separate from the actual scanning, so I don't see a way how the one could influence the other (aside from the parameter values, of course). Can you provide me answers to the following questions:

• Is the result reproducible, i.e. does using one dash always result in ChaCha20-Poly1305 support being detected, while two dashes indicate no support? Or do you observe some kind of non-determinism?
• Have you changed the configuration of the SSH server? Or does it use the default configuration regarding encryption modes?

[TrueSkrillor]

Unable to reproduce. I set up the exact version of Debian and OpenSSH that you are using (bookworm, openssh-server 1:9.2p1-2+deb12u1) inside a docker container and also used the scanner's docker image for scanning. Changing dashes doesn't make a difference; the scanner always returns the first of the two results you posted. Can you please provide more insight by answering the questions above?