upstream commit

turn off more old crypto in the client: hmac-md5, ripemd, truncated HMACs, RC4, blowfish. ok markus@ dtucker@ Upstream-ID: 96aa11c2c082be45267a690c12f1d2aae6acd46e
2016-02-09 05:30:04 +00:00 · 2016-02-09 05:30:04 +00:00 · 714e367226
parent 5a622844ff
commit 714e367226
1 changed files with 4 additions and 15 deletions
--- a/myproposal.h
+++ b/myproposal.h
@ -1,4 +1,4 @@
-/* $OpenBSD: myproposal.h,v 1.49 2015/12/05 20:53:21 markus Exp $ */
+/* $OpenBSD: myproposal.h,v 1.50 2016/02/09 05:30:04 djm Exp $ */

 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@ -113,9 +113,7 @@
 	AESGCM_CIPHER_MODES

 #define KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT "," \
-	"arcfour256,arcfour128," \
-	"aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
-	"aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se"
+	"aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc"

 #define KEX_SERVER_MAC \
 	"umac-64-etm@openssh.com," \
@ -129,18 +127,9 @@
 	"hmac-sha2-512," \
 	"hmac-sha1"

-#define KEX_CLIENT_MAC KEX_SERVER_MAC "," \
-	"hmac-md5-etm@openssh.com," \
-	"hmac-ripemd160-etm@openssh.com," \
-	"hmac-sha1-96-etm@openssh.com," \
-	"hmac-md5-96-etm@openssh.com," \
-	"hmac-md5," \
-	"hmac-ripemd160," \
-	"hmac-ripemd160@openssh.com," \
-	"hmac-sha1-96," \
-	"hmac-md5-96"
+#define KEX_CLIENT_MAC KEX_SERVER_MAC

-#else
+#else /* WITH_OPENSSL */

 #define KEX_SERVER_KEX		\
 	"curve25519-sha256@libssh.org"