Our IT dept uses automated scanning tools to discover vulnerabilities. Having the CBC ciphers enabled for the ssh connection to jenkins throws warnings in the tools.

I would like a configuration option to enable/disable particular ciphers, so that I could disable the cbc ciphers.

Our IT dept is able to do their job better when scans are clean and not throwing flags up at management.

This could be left as is, but allowing users the option to increase security at low implementation risk is almost always a good thing.