diff options
author | Damien Miller <djm@cvs.openbsd.org> | 2016-02-09 05:30:05 +0000 |
---|---|---|
committer | Damien Miller <djm@cvs.openbsd.org> | 2016-02-09 05:30:05 +0000 |
commit | c3a251bd16b2ad68484bf62fc81afd2752bbbda8 (patch) | |
tree | 969f1d4397aeee114237bcc8968f60f973d056d8 | |
parent | 39ca0eb07b2638c3a9f17ed558c23e7879fca5c8 (diff) |
turn off more old crypto in the client: hmac-md5, ripemd, truncated
HMACs, RC4, blowfish. ok markus@ dtucker@
-rw-r--r-- | usr.bin/ssh/myproposal.h | 21 |
1 files changed, 5 insertions, 16 deletions
diff --git a/usr.bin/ssh/myproposal.h b/usr.bin/ssh/myproposal.h index 57bee47ef93..45b35834563 100644 --- a/usr.bin/ssh/myproposal.h +++ b/usr.bin/ssh/myproposal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: myproposal.h,v 1.49 2015/12/05 20:53:21 markus Exp $ */ +/* $OpenBSD: myproposal.h,v 1.50 2016/02/09 05:30:04 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -60,9 +60,7 @@ "aes128-gcm@openssh.com,aes256-gcm@openssh.com" #define KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT "," \ - "arcfour256,arcfour128," \ - "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \ - "aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se" + "aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc" #define KEX_SERVER_MAC \ "umac-64-etm@openssh.com," \ @@ -76,18 +74,9 @@ "hmac-sha2-512," \ "hmac-sha1" -#define KEX_CLIENT_MAC KEX_SERVER_MAC "," \ - "hmac-md5-etm@openssh.com," \ - "hmac-ripemd160-etm@openssh.com," \ - "hmac-sha1-96-etm@openssh.com," \ - "hmac-md5-96-etm@openssh.com," \ - "hmac-md5," \ - "hmac-ripemd160," \ - "hmac-ripemd160@openssh.com," \ - "hmac-sha1-96," \ - "hmac-md5-96" - -#else +#define KEX_CLIENT_MAC KEX_SERVER_MAC + +#else /* WITH_OPENSSL */ #define KEX_SERVER_KEX \ "curve25519-sha256@libssh.org" |