diff options
Diffstat (limited to 'myproposal.h')
-rw-r--r-- | myproposal.h | 51 |
1 files changed, 37 insertions, 14 deletions
diff --git a/myproposal.h b/myproposal.h index 7bedfab0a..2c43607a7 100644 --- a/myproposal.h +++ b/myproposal.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: myproposal.h,v 1.25 2010/04/16 01:47:26 djm Exp $ */ | 1 | /* $OpenBSD: myproposal.h,v 1.27 2010/09/01 22:42:13 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
@@ -26,26 +26,49 @@ | |||
26 | 26 | ||
27 | #include <openssl/opensslv.h> | 27 | #include <openssl/opensslv.h> |
28 | 28 | ||
29 | #ifdef OPENSSL_HAS_ECC | ||
30 | # define KEX_ECDH_METHODS \ | ||
31 | "ecdh-sha2-nistp256," \ | ||
32 | "ecdh-sha2-nistp384," \ | ||
33 | "ecdh-sha2-nistp521," | ||
34 | # define HOSTKEY_ECDSA_CERT_METHODS \ | ||
35 | "ecdsa-sha2-nistp256-cert-v01@openssh.com," \ | ||
36 | "ecdsa-sha2-nistp384-cert-v01@openssh.com," \ | ||
37 | "ecdsa-sha2-nistp521-cert-v01@openssh.com," | ||
38 | # define HOSTKEY_ECDSA_METHODS \ | ||
39 | "ecdsa-sha2-nistp256," \ | ||
40 | "ecdsa-sha2-nistp384," \ | ||
41 | "ecdsa-sha2-nistp521," | ||
42 | #else | ||
43 | # define KEX_ECDH_METHODS | ||
44 | # define HOSTKEY_ECDSA_CERT_METHODS | ||
45 | # define HOSTKEY_ECDSA_METHODS | ||
46 | #endif | ||
47 | |||
29 | /* Old OpenSSL doesn't support what we need for DHGEX-sha256 */ | 48 | /* Old OpenSSL doesn't support what we need for DHGEX-sha256 */ |
30 | #if OPENSSL_VERSION_NUMBER < 0x00907000L | 49 | #if OPENSSL_VERSION_NUMBER >= 0x00907000L |
31 | # define KEX_DEFAULT_KEX \ | 50 | # define KEX_SHA256_METHODS \ |
32 | "diffie-hellman-group-exchange-sha1," \ | 51 | "diffie-hellman-group-exchange-sha256," |
33 | "diffie-hellman-group14-sha1," \ | ||
34 | "diffie-hellman-group1-sha1" | ||
35 | #else | 52 | #else |
36 | # define KEX_DEFAULT_KEX \ | 53 | # define KEX_SHA256_METHODS |
37 | "diffie-hellman-group-exchange-sha256," \ | 54 | #endif |
55 | |||
56 | # define KEX_DEFAULT_KEX \ | ||
57 | KEX_ECDH_METHODS \ | ||
58 | KEX_SHA256_METHODS \ | ||
38 | "diffie-hellman-group-exchange-sha1," \ | 59 | "diffie-hellman-group-exchange-sha1," \ |
39 | "diffie-hellman-group14-sha1," \ | 60 | "diffie-hellman-group14-sha1," \ |
40 | "diffie-hellman-group1-sha1" | 61 | "diffie-hellman-group1-sha1" |
41 | #endif | ||
42 | 62 | ||
43 | #define KEX_DEFAULT_PK_ALG \ | 63 | #define KEX_DEFAULT_PK_ALG \ |
44 | "ssh-rsa-cert-v01@openssh.com," \ | 64 | HOSTKEY_ECDSA_CERT_METHODS \ |
45 | "ssh-dss-cert-v01@openssh.com," \ | 65 | "ssh-rsa-cert-v01@openssh.com," \ |
46 | "ssh-rsa-cert-v00@openssh.com," \ | 66 | "ssh-dss-cert-v01@openssh.com," \ |
47 | "ssh-dss-cert-v00@openssh.com," \ | 67 | "ssh-rsa-cert-v00@openssh.com," \ |
48 | "ssh-rsa,ssh-dss" | 68 | "ssh-dss-cert-v00@openssh.com," \ |
69 | HOSTKEY_ECDSA_METHODS \ | ||
70 | "ssh-rsa," \ | ||
71 | "ssh-dss" | ||
49 | 72 | ||
50 | #define KEX_DEFAULT_ENCRYPT \ | 73 | #define KEX_DEFAULT_ENCRYPT \ |
51 | "aes128-ctr,aes192-ctr,aes256-ctr," \ | 74 | "aes128-ctr,aes192-ctr,aes256-ctr," \ |