CVE-2023-48795 Terrapin

https://twitter.com/satorukanno/status/1737311133885935655

https://github.com/RUB-NDS/Terrapin-Scanner

FreeBSD 12.4: not yet.

Note: While this issue does affect 12.4-STABLE and 12.4-RELEASE, the version
of OpenSSH in 12.4 is old enough the vendor provided patch does not cleanly
apply. As 12.4 goes out of support at the end of December and in order to
quickly get fixes out for 14.0 and 13.2, the FreeBSD Security Team is issuing
this advisory now while feasibility of a 12.4 backport is investigated. Users
with 12.4 are encouraged to either implement the documented workaround or
leverage an up to date version of OpenSSH from the ports/pkg collection.

https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc

IV. Workaround

Add the following lines to /etc/ssh/ssh_config and /etc/ssh/sshd_config:
Ciphers -chacha20-poly1305@openssh.com
MACs -*etm@openssh.com
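
To confirm the workaround above actually took effect, the effective algorithm lists can be checked rather than the config files. The following is an added example, not part of the advisory: the function name `terrapin_workaround_check` is hypothetical, the sample dumps are constructed, and it assumes the `keyword value` layout printed by `sshd -T` and `ssh -G <host>`.

```shell
#!/bin/sh
# Added example, not part of the advisory.
# Reads an effective-configuration dump (`sshd -T` or `ssh -G <host>` format)
# on stdin and checks that the workaround is in effect.
# Exit status: 0 = workaround in effect, 1 = an algorithm the workaround
# removes is still enabled, 2 = no ciphers/macs lines found in the input.
terrapin_workaround_check() {
    awk '
        tolower($1) == "ciphers" {
            seen_c = 1
            n = split($2, alg, ",")
            for (i = 1; i <= n; i++)
                if (alg[i] == "chacha20-poly1305@openssh.com") {
                    print "cipher still enabled: " alg[i]; bad = 1
                }
        }
        tolower($1) == "macs" {
            seen_m = 1
            n = split($2, alg, ",")
            for (i = 1; i <= n; i++)
                # Same set the "-*etm@openssh.com" pattern removes.
                if (alg[i] ~ /etm@openssh\.com$/) {
                    print "MAC still enabled: " alg[i]; bad = 1
                }
        }
        END {
            if (!seen_c || !seen_m) { print "no ciphers/macs lines in input"; exit 2 }
            exit (bad ? 1 : 0)
        }
    '
}

# Constructed samples in `sshd -T` layout (not captured from a real host).
SAMPLE_DEFAULT='port 22
ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes256-gcm@openssh.com
macs umac-64-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-256'
SAMPLE_WORKAROUND='port 22
ciphers aes128-ctr,aes256-gcm@openssh.com
macs hmac-sha2-256,hmac-sha2-512'

printf '%s\n' "$SAMPLE_DEFAULT" | terrapin_workaround_check || echo "status: $?"
printf '%s\n' "$SAMPLE_WORKAROUND" | terrapin_workaround_check && echo "workaround in effect"
```

On a live host, feed it `sshd -T` (as root) for the server side and `ssh -G <host>` for the client side, since the workaround has to be applied to both files.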