diff options
author | Darren Tucker <dtucker@zip.com.au> | 2013-06-11 11:47:24 +1000 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2013-06-11 11:47:24 +1000 |
commit | 97b62f41adcb0dcbeff142d0540793a7ea17c910 (patch) | |
tree | 72760674310073300403bc8a3f864323ee9323a3 /myproposal.h | |
parent | 6d8bd57448b45b42809da32857d7804444349ee7 (diff) |
- (dtucker) [myproposal.h] Do not advertise AES GSM ciphers if we don't have
the required OpenSSL support. Patch from naddy at freebsd.
Diffstat (limited to 'myproposal.h')
-rw-r--r-- | myproposal.h | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/myproposal.h b/myproposal.h index f13c74850..276108bf6 100644 --- a/myproposal.h +++ b/myproposal.h | |||
@@ -45,6 +45,13 @@ | |||
45 | # define HOSTKEY_ECDSA_METHODS | 45 | # define HOSTKEY_ECDSA_METHODS |
46 | #endif | 46 | #endif |
47 | 47 | ||
48 | #ifdef OPENSSL_HAVE_EVPGCM | ||
49 | # define AESGCM_CIPHER_MODES \ | ||
50 | "aes128-gcm@openssh.com,aes256-gcm@openssh.com," | ||
51 | #else | ||
52 | # define AESGCM_CIPHER_MODES | ||
53 | #endif | ||
54 | |||
48 | /* Old OpenSSL doesn't support what we need for DHGEX-sha256 */ | 55 | /* Old OpenSSL doesn't support what we need for DHGEX-sha256 */ |
49 | #ifdef HAVE_EVP_SHA256 | 56 | #ifdef HAVE_EVP_SHA256 |
50 | # define KEX_SHA256_METHODS \ | 57 | # define KEX_SHA256_METHODS \ |
@@ -73,7 +80,7 @@ | |||
73 | #define KEX_DEFAULT_ENCRYPT \ | 80 | #define KEX_DEFAULT_ENCRYPT \ |
74 | "aes128-ctr,aes192-ctr,aes256-ctr," \ | 81 | "aes128-ctr,aes192-ctr,aes256-ctr," \ |
75 | "arcfour256,arcfour128," \ | 82 | "arcfour256,arcfour128," \ |
76 | "aes128-gcm@openssh.com,aes256-gcm@openssh.com," \ | 83 | AESGCM_CIPHER_MODES \ |
77 | "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \ | 84 | "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \ |
78 | "aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se" | 85 | "aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se" |
79 | #ifdef HAVE_EVP_SHA256 | 86 | #ifdef HAVE_EVP_SHA256 |