diff options
author | Damien Miller <djm@mindrot.org> | 2014-05-15 14:24:09 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2014-05-15 14:24:09 +1000 |
commit | 1f0311c7c7d10c94ff7f823de9c5b2ed79368b14 (patch) | |
tree | ae708c2a25f84a04bcb04f2dbf3e8039e0f692bc /myproposal.h | |
parent | c5893785564498cea73cb60d2cf199490483e080 (diff) |
- markus@cvs.openbsd.org 2014/04/29 18:01:49
[auth.c authfd.c authfile.c bufaux.c cipher.c cipher.h hostfile.c]
[kex.c key.c mac.c monitor.c monitor_wrap.c myproposal.h packet.c]
[roaming_client.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
[ssh-pkcs11.h ssh.c sshconnect.c sshconnect2.c sshd.c]
make compiling against OpenSSL optional (make OPENSSL=no);
reduces algorithms to curve25519, aes-ctr, chacha, ed25519;
allows us to explore further options; with and ok djm
Diffstat (limited to 'myproposal.h')
-rw-r--r-- | myproposal.h | 27 |
1 files changed, 26 insertions, 1 deletions
diff --git a/myproposal.h b/myproposal.h index 94d6f7061..020f35c77 100644 --- a/myproposal.h +++ b/myproposal.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: myproposal.h,v 1.38 2014/03/27 23:01:27 markus Exp $ */ | 1 | /* $OpenBSD: myproposal.h,v 1.39 2014/04/29 18:01:49 markus Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
@@ -77,6 +77,7 @@ | |||
77 | # define SHA2_HMAC_MODES | 77 | # define SHA2_HMAC_MODES |
78 | #endif | 78 | #endif |
79 | 79 | ||
80 | #ifdef WITH_OPENSSL | ||
80 | #define KEX_SERVER_KEX \ | 81 | #define KEX_SERVER_KEX \ |
81 | "curve25519-sha256@libssh.org," \ | 82 | "curve25519-sha256@libssh.org," \ |
82 | KEX_ECDH_METHODS \ | 83 | KEX_ECDH_METHODS \ |
@@ -134,6 +135,30 @@ | |||
134 | "hmac-sha1-96," \ | 135 | "hmac-sha1-96," \ |
135 | "hmac-md5-96" | 136 | "hmac-md5-96" |
136 | 137 | ||
138 | #else | ||
139 | |||
140 | #define KEX_SERVER_KEX \ | ||
141 | "curve25519-sha256@libssh.org" | ||
142 | #define KEX_DEFAULT_PK_ALG \ | ||
143 | "ssh-ed25519-cert-v01@openssh.com," \ | ||
144 | "ssh-ed25519" | ||
145 | #define KEX_SERVER_ENCRYPT \ | ||
146 | "aes128-ctr,aes192-ctr,aes256-ctr," \ | ||
147 | "chacha20-poly1305@openssh.com" | ||
148 | #define KEX_SERVER_MAC \ | ||
149 | "hmac-sha2-256-etm@openssh.com," \ | ||
150 | "hmac-sha2-512-etm@openssh.com," \ | ||
151 | "hmac-sha2-256," \ | ||
152 | "hmac-sha2-512" | ||
153 | |||
154 | #define KEX_CLIENT_KEX KEX_SERVER_KEX | ||
155 | #define KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT | ||
156 | #define KEX_CLIENT_MAC KEX_SERVER_MAC "," \ | ||
157 | "hmac-sha1-etm@openssh.com," \ | ||
158 | "hmac-sha1" | ||
159 | |||
160 | #endif /* WITH_OPENSSL */ | ||
161 | |||
137 | #define KEX_DEFAULT_COMP "none,zlib@openssh.com,zlib" | 162 | #define KEX_DEFAULT_COMP "none,zlib@openssh.com,zlib" |
138 | #define KEX_DEFAULT_LANG "" | 163 | #define KEX_DEFAULT_LANG "" |
139 | 164 | ||