From e6745f425790cd5ec55c5e38abcc2113f5083924 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 25 Jan 2014 10:12:51 +0000 Subject: Add a special case for the DH group size for 3des-cbc, which has an effective strength much lower than the key size. This causes problems with some cryptlib implementations, which don't support group sizes larger than 4k but also don't use the largest group size it does support as specified in the RFC. Based on a patch from Petr Lautrbach at Redhat, reduced by me with input from Markus. ok djm@ markus@ --- usr.bin/ssh/kex.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'usr.bin/ssh/kex.h') diff --git a/usr.bin/ssh/kex.h b/usr.bin/ssh/kex.h index f52848ecd96..5904448c173 100644 --- a/usr.bin/ssh/kex.h +++ b/usr.bin/ssh/kex.h @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.h,v 1.60 2014/01/12 08:13:13 djm Exp $ */ +/* $OpenBSD: kex.h,v 1.61 2014/01/25 10:12:50 dtucker Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -121,6 +121,7 @@ struct Kex { u_int session_id_len; Newkeys *newkeys[MODE_MAX]; u_int we_need; + u_int dh_need; int server; char *name; int hostkey_type; -- cgit v1.2.3