From 67081b5148f73c9af21e933b460f5bc1affb5661 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 28 Jan 2009 16:33:31 +1100 Subject: [PATCH] - djm@cvs.openbsd.org 2009/01/23 07:58:11 [myproposal.h] prefer CTR modes and revised arcfour (i.e w/ discard) modes to CBC modes; ok markus@ --- ChangeLog | 6 +++++- myproposal.h | 9 +++++---- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 7d7de3dd9..adb1e3817 100644 --- a/ChangeLog +++ b/ChangeLog @@ -73,6 +73,10 @@ - djm@cvs.openbsd.org 2009/01/22 10:09:16 [auth-options.c] another chunk of a2port() diff that got away. wtfdjm?? + - djm@cvs.openbsd.org 2009/01/23 07:58:11 + [myproposal.h] + prefer CTR modes and revised arcfour (i.e w/ discard) modes to CBC + modes; ok markus@ 20090107 - (djm) [uidswap.c] bz#1412: Support >16 supplemental groups in OS X. @@ -5082,5 +5086,5 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.5176 2009/01/28 05:33:01 djm Exp $ +$Id: ChangeLog,v 1.5177 2009/01/28 05:33:31 djm Exp $ diff --git a/myproposal.h b/myproposal.h index 87a9e5820..7bca3bcae 100644 --- a/myproposal.h +++ b/myproposal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: myproposal.h,v 1.22 2007/06/07 19:37:34 pvalchev Exp $ */ +/* $OpenBSD: myproposal.h,v 1.23 2009/01/23 07:58:11 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -41,11 +41,12 @@ #endif #define KEX_DEFAULT_PK_ALG "ssh-rsa,ssh-dss" + #define KEX_DEFAULT_ENCRYPT \ + "aes128-ctr,aes192-ctr,aes256-ctr," \ + "arcfour256,arcfour128," \ "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \ - "arcfour128,arcfour256,arcfour," \ - "aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se," \ - "aes128-ctr,aes192-ctr,aes256-ctr" + "aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se" #define KEX_DEFAULT_MAC \ "hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160," \ "hmac-ripemd160@openssh.com," \