Reorder client proposal to prefer diffie-hellman-group-exchange-sha1 over

diffie-hellman-group14-sha1.  ok djm@

2 files changed, 11 insertions, 8 deletions

diff --git a/usr.bin/ssh/myproposal.h b/usr.bin/ssh/myproposal.h
index e09f4c3cd72..3323ce53467 100644
--- a/usr.bin/ssh/myproposal.h
+++ b/usr.bin/ssh/myproposal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: myproposal.h,v 1.43 2015/04/21 07:01:00 jsg Exp $ */
+/* $OpenBSD: myproposal.h,v 1.44 2015/05/27 23:51:10 dtucker Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -26,16 +26,19 @@
 
 #ifdef WITH_OPENSSL
 
-#define KEX_SERVER_KEX		\
+#define KEX_COMMON_KEX		\
 	"curve25519-sha256@libssh.org," \
 	"ecdh-sha2-nistp256," \
 	"ecdh-sha2-nistp384," \
 	"ecdh-sha2-nistp521," \
-	"diffie-hellman-group-exchange-sha256," \
-	"diffie-hellman-group14-sha1" \
+	"diffie-hellman-group-exchange-sha256"
+
+#define KEX_SERVER_KEX KEX_COMMON_KEX "," \
+	"diffie-hellman-group14-sha1"
 
-#define KEX_CLIENT_KEX KEX_SERVER_KEX "," \
+#define KEX_CLIENT_KEX KEX_COMMON_KEX "," \
 	"diffie-hellman-group-exchange-sha1," \
+	"diffie-hellman-group14-sha1," \
 	"diffie-hellman-group1-sha1"
 
 #define	KEX_DEFAULT_PK_ALG	\
diff --git a/usr.bin/ssh/ssh_config.5 b/usr.bin/ssh/ssh_config.5
index 844556b56e6..5758eb8114d 100644
--- a/usr.bin/ssh/ssh_config.5
+++ b/usr.bin/ssh/ssh_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.208 2015/04/28 13:47:38 jmc Exp $
-.Dd $Mdocdate: April 28 2015 $
+.\" $OpenBSD: ssh_config.5,v 1.209 2015/05/27 23:51:10 dtucker Exp $
+.Dd $Mdocdate: May 27 2015 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -975,8 +975,8 @@ The default is:
 curve25519-sha256@libssh.org,
 ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
 diffie-hellman-group-exchange-sha256,
-diffie-hellman-group14-sha1,
 diffie-hellman-group-exchange-sha1,
+diffie-hellman-group14-sha1,
 diffie-hellman-group1-sha1
 .Ed
 .Pp