authorDamien Miller <djm@mindrot.org>2010-09-10 11:39:26 +1000
committerDamien Miller <djm@mindrot.org>2010-09-10 11:39:26 +1000
commit6af914a15c0c33e8b5bab5ca61919b8562ff1db9 (patch)
treeb87546d8a88a05e6fd600cbb2b8c0b132278cb10 /myproposal.h
parent041ab7c1e7d6514ed84a539a767f79ffb356e807 (diff)
- (djm) [authfd.c authfile.c bufec.c buffer.h configure.ac kex.h kexecdh.c]
[kexecdhc.c kexecdhs.c key.c key.h myproposal.h packet.c readconf.c] [ssh-agent.c ssh-ecdsa.c ssh-keygen.c ssh.c] Disable ECDH and ECDSA on platforms that don't have the requisite OpenSSL support. ok dtucker@
Diffstat (limited to 'myproposal.h')
-rw-r--r--myproposal.h53
1 files changed, 29 insertions, 24 deletions
diff --git a/myproposal.h b/myproposal.h
index 5daca533b..893190788 100644
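--- a/myproposal.h
+++ b/myproposal.h
@@ -26,44 +26,49 @@
 
 #include <openssl/opensslv.h>
 
+#ifdef OPENSSL_HAS_ECC
+# define KEX_ECDH_METHODS \
+ "ecdh-sha2-nistp256," \
+ "ecdh-sha2-nistp384," \
+ "ecdh-sha2-nistp521,"
+# define HOSTKEY_ECDSA_CERT_METHODS \
+ "ecdsa-sha2-nistp256-cert-v01@openssh.com," \
+ "ecdsa-sha2-nistp384-cert-v01@openssh.com," \
+ "ecdsa-sha2-nistp521-cert-v01@openssh.com,"
+# define HOSTKEY_ECDSA_METHODS \
+ "ecdsa-sha2-nistp256," \
+ "ecdsa-sha2-nistp384," \
+ "ecdsa-sha2-nistp521,"
+#else
+# define KEX_ECDH_METHODS
+# define HOSTKEY_ECDSA_CERT_METHODS
+# define HOSTKEY_ECDSA_METHODS
+#endif
+
 /* Old OpenSSL doesn't support what we need for DHGEX-sha256 */
 #if OPENSSL_VERSION_NUMBER < 0x00907000L
-# define KEX_DEFAULT_KEX \
- "diffie-hellman-group-exchange-sha1," \
- "diffie-hellman-group14-sha1," \
- "diffie-hellman-group1-sha1"
-
-#define KEX_DEFAULT_PK_ALG \
- "ssh-rsa-cert-v01@openssh.com," \
- "ssh-dss-cert-v01@openssh.com," \
- "ssh-rsa-cert-v00@openssh.com," \
- "ssh-dss-cert-v00@openssh.com," \
- "ssh-rsa," \
- "ssh-dss"
+# define KEX_SHA256_METHODS \
+ "diffie-hellman-group-exchange-sha1,"
 #else
-# define KEX_DEFAULT_KEX \
- "ecdh-sha2-nistp256," \
- "ecdh-sha2-nistp384," \
- "ecdh-sha2-nistp521," \
- "diffie-hellman-group-exchange-sha256," \
+# define KEX_SHA256_METHODS
+#endif
+
+# define KEX_DEFAULT_KEX \
+ KEX_ECDH_METHODS \
+ KEX_SHA256_METHODS \
  "diffie-hellman-group-exchange-sha1," \
  "diffie-hellman-group14-sha1," \
  "diffie-hellman-group1-sha1"
 
 #define KEX_DEFAULT_PK_ALG \
- "ecdsa-sha2-nistp256-cert-v01@openssh.com," \
- "ecdsa-sha2-nistp384-cert-v01@openssh.com," \
- "ecdsa-sha2-nistp521-cert-v01@openssh.com," \
+ HOSTKEY_ECDSA_CERT_METHODS \
  "ssh-rsa-cert-v01@openssh.com," \
  "ssh-dss-cert-v01@openssh.com," \
  "ssh-rsa-cert-v00@openssh.com," \
  "ssh-dss-cert-v00@openssh.com," \
- "ecdsa-sha2-nistp256," \
- "ecdsa-sha2-nistp384," \
- "ecdsa-sha2-nistp521," \
+ HOSTKEY_ECDSA_METHODS \
  "ssh-rsa," \
  "ssh-dss"
-#endif
 
 #define KEX_DEFAULT_ENCRYPT \
  "aes128-ctr,aes192-ctr,aes256-ctr," \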
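Review bot: `KEX_SHA256_METHODS` is defined the wrong way round at new lines 49-54: the `OPENSSL_VERSION_NUMBER < 0x00907000L` branch expands it to `"diffie-hellman-group-exchange-sha1,"` and the `#else` branch leaves it empty, so as shown here `diffie-hellman-group-exchange-sha256` no longer appears in `KEX_DEFAULT_KEX` on any build, and old-OpenSSL builds list the SHA-1 group exchange twice. Builds without `OPENSSL_HAS_ECC` are then left with only SHA-1 based methods in the default proposal, with no build or runtime error to signal it. The test should read `#if OPENSSL_VERSION_NUMBER >= 0x00907000L` with the body `"diffie-hellman-group-exchange-sha256,"`, keeping the `#else` define empty. After the fix, confirm on a build with a recent OpenSSL that the SHA-256 group exchange shows up in the KEXINIT proposal in debug output.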