1 files changed, 11 insertions, 2 deletions
diff --git a/sshd_config.5 b/sshd_config.5
index ad3692b38..0f4aa639d 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.151 2012/12/03 08:33:03 jmc Exp $
+.\" $OpenBSD: sshd_config.5,v 1.152 2012/12/11 22:31:18 markus Exp $
-.Dd $Mdocdate: December 3 2012 $
+.Dd $Mdocdate: December 11 2012 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -706,8 +706,17 @@ Specifies the available MAC (message authentication code) algorithms.
 The MAC algorithm is used in protocol version 2
 for data integrity protection.
 Multiple algorithms must be comma-separated.
+The algorithms that contain
+.Dq -etm
+calculate the MAC after encryption (encrypt-then-mac).
+These are considered safer and their use recommended.
 The default is:
 .Bd -literal -offset indent
+hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,
+umac-64-etm@openssh.com,umac-128-etm@openssh.com,
+hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
+hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,
+hmac-md5-96-etm@openssh.com,
 hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,
 hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,
 hmac-sha1-96,hmac-md5-96

diff --git a/sshd_config.5 b/sshd_config.5 index ad3692b38..0f4aa639d 100644 --- a/sshd_config.5 +++ b/sshd_config.5
@@ -33,8 +33,8 @@
33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35	.\"	35	.\"
36	.\" $OpenBSD: sshd_config.5,v 1.151 2012/12/03 08:33:03 jmc Exp $	36	.\" $OpenBSD: sshd_config.5,v 1.152 2012/12/11 22:31:18 markus Exp $
37	.Dd $Mdocdate: December 3 2012 $	37	.Dd $Mdocdate: December 11 2012 $
38	.Dt SSHD_CONFIG 5	38	.Dt SSHD_CONFIG 5
39	.Os	39	.Os
40	.Sh NAME	40	.Sh NAME
@@ -706,8 +706,17 @@ Specifies the available MAC (message authentication code) algorithms.
706	The MAC algorithm is used in protocol version 2	706	The MAC algorithm is used in protocol version 2
707	for data integrity protection.	707	for data integrity protection.
708	Multiple algorithms must be comma-separated.	708	Multiple algorithms must be comma-separated.
		709	The algorithms that contain
		710	.Dq -etm
		711	calculate the MAC after encryption (encrypt-then-mac).
		712	These are considered safer and their use recommended.
709	The default is:	713	The default is:
710	.Bd -literal -offset indent	714	.Bd -literal -offset indent
		715	hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,
		716	umac-64-etm@openssh.com,umac-128-etm@openssh.com,
		717	hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
		718	hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,
		719	hmac-md5-96-etm@openssh.com,
711	hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,	720	hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,
712	hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,	721	hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,
713	hmac-sha1-96,hmac-md5-96	722	hmac-sha1-96,hmac-md5-96