upstream commit

turn off more old crypto in the client: hmac-md5, ripemd,
 truncated HMACs, RC4, blowfish. ok markus@ dtucker@

Upstream-ID: 96aa11c2c082be45267a690c12f1d2aae6acd46e

1 files changed, 4 insertions, 15 deletions

diff --git a/myproposal.h b/myproposal.h
index b266b52e1..bdd05966f 100644
--- a/myproposal.h
+++ b/myproposal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: myproposal.h,v 1.49 2015/12/05 20:53:21 markus Exp $ */
+/* $OpenBSD: myproposal.h,v 1.50 2016/02/09 05:30:04 djm Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -113,9 +113,7 @@
         AESGCM_CIPHER_MODES
 
 #define KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT "," \
-        "arcfour256,arcfour128," \
-        "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
-        "aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se"
+        "aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc"
 
 #define KEX_SERVER_MAC \
         "umac-64-etm@openssh.com," \
@@ -129,18 +127,9 @@
         "hmac-sha2-512," \
         "hmac-sha1"
 
-#define KEX_CLIENT_MAC KEX_SERVER_MAC "," \
-        "hmac-md5-etm@openssh.com," \
-        "hmac-ripemd160-etm@openssh.com," \
-        "hmac-sha1-96-etm@openssh.com," \
-        "hmac-md5-96-etm@openssh.com," \
-        "hmac-md5," \
-        "hmac-ripemd160," \
-        "hmac-ripemd160@openssh.com," \
-        "hmac-sha1-96," \
-        "hmac-md5-96"
+#define KEX_CLIENT_MAC KEX_SERVER_MAC
 
-#else
+#else /* WITH_OPENSSL */
 
 #define KEX_SERVER_KEX          \
         "curve25519-sha256@libssh.org"