summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDamien Miller <djm@cvs.openbsd.org>2016-02-09 05:30:05 +0000
committerDamien Miller <djm@cvs.openbsd.org>2016-02-09 05:30:05 +0000
commitc3a251bd16b2ad68484bf62fc81afd2752bbbda8 (patch)
tree969f1d4397aeee114237bcc8968f60f973d056d8
parent39ca0eb07b2638c3a9f17ed558c23e7879fca5c8 (diff)
turn off more old crypto in the client: hmac-md5, ripemd, truncated
HMACs, RC4, blowfish. ok markus@ dtucker@
-rw-r--r--usr.bin/ssh/myproposal.h21
1 files changed, 5 insertions, 16 deletions
diff --git a/usr.bin/ssh/myproposal.h b/usr.bin/ssh/myproposal.h
index 57bee47ef93..45b35834563 100644
--- a/usr.bin/ssh/myproposal.h
+++ b/usr.bin/ssh/myproposal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: myproposal.h,v 1.49 2015/12/05 20:53:21 markus Exp $ */
+/* $OpenBSD: myproposal.h,v 1.50 2016/02/09 05:30:04 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -60,9 +60,7 @@
"aes128-gcm@openssh.com,aes256-gcm@openssh.com"
#define KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT "," \
- "arcfour256,arcfour128," \
- "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
- "aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se"
+ "aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc"
#define KEX_SERVER_MAC \
"umac-64-etm@openssh.com," \
@@ -76,18 +74,9 @@
"hmac-sha2-512," \
"hmac-sha1"
-#define KEX_CLIENT_MAC KEX_SERVER_MAC "," \
- "hmac-md5-etm@openssh.com," \
- "hmac-ripemd160-etm@openssh.com," \
- "hmac-sha1-96-etm@openssh.com," \
- "hmac-md5-96-etm@openssh.com," \
- "hmac-md5," \
- "hmac-ripemd160," \
- "hmac-ripemd160@openssh.com," \
- "hmac-sha1-96," \
- "hmac-md5-96"
-
-#else
+#define KEX_CLIENT_MAC KEX_SERVER_MAC
+
+#else /* WITH_OPENSSL */
#define KEX_SERVER_KEX \
"curve25519-sha256@libssh.org"