diff options
| author | Colin Watson <cjwatson@debian.org> | 2013-09-14 23:42:11 +0100 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2013-09-14 23:42:11 +0100 |
| commit | 327155e6824b3ee13837bdde04e4eb47e147ff46 (patch) | |
| tree | 8f8743122403c7a2e6ed919156711fb1520c657f /myproposal.h | |
| parent | 0334ce32304e9ba2a10ee5ca49ca6e8ff3ba6cf4 (diff) | |
| parent | 74e339b8f8936bc0d985e053a076d0c9b5e9ea51 (diff) | |
* New upstream release (http://www.openssh.com/txt/release-6.3).
- sftp(1): add support for resuming partial downloads using the "reget"
command and on the sftp commandline or on the "get" commandline using
the "-a" (append) option (closes: #158590).
- ssh(1): add an "IgnoreUnknown" configuration option to selectively
suppress errors arising from unknown configuration directives (closes:
#436052).
- sftp(1): update progressmeter when data is acknowledged, not when it's
sent (partially addresses #708372).
- ssh(1): do not fatally exit when attempting to cleanup multiplexing-
created channels that are incompletely opened (closes: #651357).
Diffstat (limited to 'myproposal.h')
| -rw-r--r-- | myproposal.h | 28 |
1 files changed, 18 insertions, 10 deletions
diff --git a/myproposal.h b/myproposal.h index 99d093461..4e913e3ce 100644 --- a/myproposal.h +++ b/myproposal.h | |||
| @@ -26,6 +26,8 @@ | |||
| 26 | 26 | ||
| 27 | #include <openssl/opensslv.h> | 27 | #include <openssl/opensslv.h> |
| 28 | 28 | ||
| 29 | /* conditional algorithm support */ | ||
| 30 | |||
| 29 | #ifdef OPENSSL_HAS_ECC | 31 | #ifdef OPENSSL_HAS_ECC |
| 30 | # define KEX_ECDH_METHODS \ | 32 | # define KEX_ECDH_METHODS \ |
| 31 | "ecdh-sha2-nistp256," \ | 33 | "ecdh-sha2-nistp256," \ |
| @@ -45,12 +47,22 @@ | |||
| 45 | # define HOSTKEY_ECDSA_METHODS | 47 | # define HOSTKEY_ECDSA_METHODS |
| 46 | #endif | 48 | #endif |
| 47 | 49 | ||
| 48 | /* Old OpenSSL doesn't support what we need for DHGEX-sha256 */ | 50 | #ifdef OPENSSL_HAVE_EVPGCM |
| 49 | #if OPENSSL_VERSION_NUMBER >= 0x00907000L | 51 | # define AESGCM_CIPHER_MODES \ |
| 52 | "aes128-gcm@openssh.com,aes256-gcm@openssh.com," | ||
| 53 | #else | ||
| 54 | # define AESGCM_CIPHER_MODES | ||
| 55 | #endif | ||
| 56 | |||
| 57 | #ifdef HAVE_EVP_SHA256 | ||
| 50 | # define KEX_SHA256_METHODS \ | 58 | # define KEX_SHA256_METHODS \ |
| 51 | "diffie-hellman-group-exchange-sha256," | 59 | "diffie-hellman-group-exchange-sha256," |
| 60 | #define SHA2_HMAC_MODES \ | ||
| 61 | "hmac-sha2-256," \ | ||
| 62 | "hmac-sha2-512," | ||
| 52 | #else | 63 | #else |
| 53 | # define KEX_SHA256_METHODS | 64 | # define KEX_SHA256_METHODS |
| 65 | # define SHA2_HMAC_MODES | ||
| 54 | #endif | 66 | #endif |
| 55 | 67 | ||
| 56 | # define KEX_DEFAULT_KEX \ | 68 | # define KEX_DEFAULT_KEX \ |
| @@ -70,19 +82,15 @@ | |||
| 70 | "ssh-rsa," \ | 82 | "ssh-rsa," \ |
| 71 | "ssh-dss" | 83 | "ssh-dss" |
| 72 | 84 | ||
| 85 | /* the actual algorithms */ | ||
| 86 | |||
| 73 | #define KEX_DEFAULT_ENCRYPT \ | 87 | #define KEX_DEFAULT_ENCRYPT \ |
| 74 | "aes128-ctr,aes192-ctr,aes256-ctr," \ | 88 | "aes128-ctr,aes192-ctr,aes256-ctr," \ |
| 75 | "arcfour256,arcfour128," \ | 89 | "arcfour256,arcfour128," \ |
| 76 | "aes128-gcm@openssh.com,aes256-gcm@openssh.com," \ | 90 | AESGCM_CIPHER_MODES \ |
| 77 | "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \ | 91 | "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \ |
| 78 | "aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se" | 92 | "aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se" |
| 79 | #ifdef HAVE_EVP_SHA256 | 93 | |
| 80 | #define SHA2_HMAC_MODES \ | ||
| 81 | "hmac-sha2-256," \ | ||
| 82 | "hmac-sha2-512," | ||
| 83 | #else | ||
| 84 | # define SHA2_HMAC_MODES | ||
| 85 | #endif | ||
| 86 | #define KEX_DEFAULT_MAC \ | 94 | #define KEX_DEFAULT_MAC \ |
| 87 | "hmac-md5-etm@openssh.com," \ | 95 | "hmac-md5-etm@openssh.com," \ |
| 88 | "hmac-sha1-etm@openssh.com," \ | 96 | "hmac-sha1-etm@openssh.com," \ |