From 4ee8dc64982b62cd520417556515383908091b76 Mon Sep 17 00:00:00 2001
From: Andrew <anmenaga@microsoft.com>
Date: Thu, 30 Nov 2023 18:08:35 -0800
Subject: [PATCH] Removed sha1-based MACs from default config (#706)

---
 myproposal.h | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/myproposal.h b/myproposal.h
index ee6e9f741..a054f79e2 100644
--- a/myproposal.h
+++ b/myproposal.h
@@ -63,6 +63,17 @@
 
 #define KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT
 
+#ifdef WINDOWS
+#define	KEX_SERVER_MAC \
+	"umac-64-etm@openssh.com," \
+	"umac-128-etm@openssh.com," \
+	"hmac-sha2-256-etm@openssh.com," \
+	"hmac-sha2-512-etm@openssh.com," \
+	"umac-64@openssh.com," \
+	"umac-128@openssh.com," \
+	"hmac-sha2-256," \
+	"hmac-sha2-512,"
+#else
 #define	KEX_SERVER_MAC \
 	"umac-64-etm@openssh.com," \
 	"umac-128-etm@openssh.com," \
@@ -74,6 +85,7 @@
 	"hmac-sha2-256," \
 	"hmac-sha2-512," \
 	"hmac-sha1"
+#endif
 
 #define KEX_CLIENT_MAC KEX_SERVER_MAC