diff options
| author | dtucker@openbsd.org <dtucker@openbsd.org> | 2015-05-27 23:51:10 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2015-05-28 13:53:14 +1000 |
| commit | 3ecde664c9fc5fb3667aedf9e6671462600f6496 (patch) | |
| tree | da5d5c774bd23ab5d5e5984644487773e8e76170 | |
| parent | 40f64292b907afd0a674fdbf3e4c2356d17a7d68 (diff) | |
upstream commit
Reorder client proposal to prefer
diffie-hellman-group-exchange-sha1 over diffie-hellman-group14-sha1. ok djm@
Upstream-ID: 552c08d47347c3ee1a9a57d88441ab50abe17058
| -rw-r--r-- | myproposal.h | 13 | ||||
| -rw-r--r-- | ssh_config.5 | 6 |
2 files changed, 11 insertions, 8 deletions
diff --git a/myproposal.h b/myproposal.h index c397553a4..a3e444b28 100644 --- a/myproposal.h +++ b/myproposal.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: myproposal.h,v 1.43 2015/04/21 07:01:00 jsg Exp $ */ | 1 | /* $OpenBSD: myproposal.h,v 1.44 2015/05/27 23:51:10 dtucker Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
| @@ -83,14 +83,17 @@ | |||
| 83 | # else | 83 | # else |
| 84 | # define KEX_CURVE25519_METHODS "" | 84 | # define KEX_CURVE25519_METHODS "" |
| 85 | # endif | 85 | # endif |
| 86 | #define KEX_SERVER_KEX \ | 86 | #define KEX_COMMON_KEX \ |
| 87 | KEX_CURVE25519_METHODS \ | 87 | KEX_CURVE25519_METHODS \ |
| 88 | KEX_ECDH_METHODS \ | 88 | KEX_ECDH_METHODS \ |
| 89 | KEX_SHA256_METHODS \ | 89 | KEX_SHA256_METHODS |
| 90 | "diffie-hellman-group14-sha1" | ||
| 91 | 90 | ||
| 92 | #define KEX_CLIENT_KEX KEX_SERVER_KEX "," \ | 91 | #define KEX_SERVER_KEX KEX_COMMON_KEX "," \ |
| 92 | "diffie-hellman-group14-sha1" \ | ||
| 93 | |||
| 94 | #define KEX_CLIENT_KEX KEX_COMMON_KEX "," \ | ||
| 93 | "diffie-hellman-group-exchange-sha1," \ | 95 | "diffie-hellman-group-exchange-sha1," \ |
| 96 | "diffie-hellman-group14-sha1," \ | ||
| 94 | "diffie-hellman-group1-sha1" | 97 | "diffie-hellman-group1-sha1" |
| 95 | 98 | ||
| 96 | #define KEX_DEFAULT_PK_ALG \ | 99 | #define KEX_DEFAULT_PK_ALG \ |
diff --git a/ssh_config.5 b/ssh_config.5 index 844556b56..5758eb811 100644 --- a/ssh_config.5 +++ b/ssh_config.5 | |||
| @@ -33,8 +33,8 @@ | |||
| 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 35 | .\" | 35 | .\" |
| 36 | .\" $OpenBSD: ssh_config.5,v 1.208 2015/04/28 13:47:38 jmc Exp $ | 36 | .\" $OpenBSD: ssh_config.5,v 1.209 2015/05/27 23:51:10 dtucker Exp $ |
| 37 | .Dd $Mdocdate: April 28 2015 $ | 37 | .Dd $Mdocdate: May 27 2015 $ |
| 38 | .Dt SSH_CONFIG 5 | 38 | .Dt SSH_CONFIG 5 |
| 39 | .Os | 39 | .Os |
| 40 | .Sh NAME | 40 | .Sh NAME |
| @@ -975,8 +975,8 @@ The default is: | |||
| 975 | curve25519-sha256@libssh.org, | 975 | curve25519-sha256@libssh.org, |
| 976 | ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, | 976 | ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, |
| 977 | diffie-hellman-group-exchange-sha256, | 977 | diffie-hellman-group-exchange-sha256, |
| 978 | diffie-hellman-group14-sha1, | ||
| 979 | diffie-hellman-group-exchange-sha1, | 978 | diffie-hellman-group-exchange-sha1, |
| 979 | diffie-hellman-group14-sha1, | ||
| 980 | diffie-hellman-group1-sha1 | 980 | diffie-hellman-group1-sha1 |
| 981 | .Ed | 981 | .Ed |
| 982 | .Pp | 982 | .Pp |