2 files changed, 10 insertions, 0 deletions

diff --git a/ChangeLog b/ChangeLog
index 61601f6ba..2f6572779 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -44,6 +44,11 @@
      add tests for RekeyLimit parsing
  - (dtucker) [regress/bsd.regress.mk] Remove unused file.  We've never used it
    in portable and it's long gone in openbsd.
+ - (dtucker) [regress/integrity.sh].  Force fixed Diffie-Hellman key exchange
+   methods.  When the openssl version doesn't support ECDH then next one on
+   the list is DH group exchange, but that causes a bit more traffic which can
+   mean that the tests flip bits in the initial exchange rather than the MACed
+   traffic and we get different errors to what the tests look for.
 
 20130516
  - (djm) [contrib/ssh-copy-id] Fix bug that could cause "rm *" to be 
diff --git a/regress/integrity.sh b/regress/integrity.sh
index 3950b7d1f..2621a0025 100644
--- a/regress/integrity.sh
+++ b/regress/integrity.sh
@@ -21,6 +21,11 @@ config_defined HAVE_EVP_SHA256 &&
 config_defined OPENSSL_HAVE_EVPGCM && \
         macs="$macs aes128-gcm@openssh.com aes256-gcm@openssh.com"
 
+# avoid DH group exchange as the extra traffic makes it harder to get the
+# offset into the stream right.
+echo "KexAlgorithms diffie-hellman-group14-sha1,diffie-hellman-group1-sha1" \
+        >> $OBJ/ssh_proxy
+
 # sshd-command for proxy (see test-exec.sh)
 cmd="$SUDO sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSHD_LOGFILE} -i -f $OBJ/sshd_proxy"