- djm@cvs.openbsd.org 2009/01/23 07:58:11

     [myproposal.h]
     prefer CTR modes and revised arcfour (i.e w/ discard) modes to CBC
     modes; ok markus@

2 files changed, 10 insertions, 5 deletions

diff --git a/ChangeLog b/ChangeLog
index 7d7de3dd9..adb1e3817 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -73,6 +73,10 @@
    - djm@cvs.openbsd.org 2009/01/22 10:09:16
      [auth-options.c]
      another chunk of a2port() diff that got away. wtfdjm??
+   - djm@cvs.openbsd.org 2009/01/23 07:58:11
+     [myproposal.h]
+     prefer CTR modes and revised arcfour (i.e w/ discard) modes to CBC
+     modes; ok markus@
 
 20090107
  - (djm) [uidswap.c] bz#1412: Support >16 supplemental groups in OS X.
@@ -5082,5 +5086,5 @@
    OpenServer 6 and add osr5bigcrypt support so when someone migrates
    passwords between UnixWare and OpenServer they will still work. OK dtucker@
 
-$Id: ChangeLog,v 1.5176 2009/01/28 05:33:01 djm Exp $
+$Id: ChangeLog,v 1.5177 2009/01/28 05:33:31 djm Exp $
 
diff --git a/myproposal.h b/myproposal.h
index 87a9e5820..7bca3bcae 100644
--- a/myproposal.h
+++ b/myproposal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: myproposal.h,v 1.22 2007/06/07 19:37:34 pvalchev Exp $ */
+/* $OpenBSD: myproposal.h,v 1.23 2009/01/23 07:58:11 djm Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -41,11 +41,12 @@
 #endif
 
 #define KEX_DEFAULT_PK_ALG      "ssh-rsa,ssh-dss"
+
 #define KEX_DEFAULT_ENCRYPT \
+        "aes128-ctr,aes192-ctr,aes256-ctr," \
+        "arcfour256,arcfour128," \
         "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
-        "arcfour128,arcfour256,arcfour," \
-        "aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se," \
-        "aes128-ctr,aes192-ctr,aes256-ctr"
+        "aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se"
 #define KEX_DEFAULT_MAC \
         "hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160," \
         "hmac-ripemd160@openssh.com," \