upstream commit

turn off 1024 bit diffie-hellman-group1-sha1 key
 exchange method (already off in server, this turns it off in the client by
 default too) ok dtucker@

Upstream-ID: f59b88f449210ab7acf7d9d88f20f1daee97a4fa

myproposal.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: myproposal.h,v 1.45 2015/07/03 03:43:18 djm Exp $ */
+/* $OpenBSD: myproposal.h,v 1.46 2015/07/03 03:47:00 djm Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -93,8 +93,7 @@
 
 #define KEX_CLIENT_KEX KEX_COMMON_KEX \
 	"diffie-hellman-group-exchange-sha1," \
-	"diffie-hellman-group14-sha1," \
+	"diffie-hellman-group14-sha1"
-	"diffie-hellman-group1-sha1"
 
 #define	KEX_DEFAULT_PK_ALG	\
 	HOSTKEY_ECDSA_CERT_METHODS \

ssh_config.5

@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.211 2015/06/02 09:10:40 djm Exp $
+.\" $OpenBSD: ssh_config.5,v 1.212 2015/07/03 03:47:00 djm Exp $
-.Dd $Mdocdate: June 2 2015 $
+.Dd $Mdocdate: July 3 2015 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -980,8 +980,7 @@ curve25519-sha256@libssh.org,
 ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
 diffie-hellman-group-exchange-sha256,
 diffie-hellman-group-exchange-sha1,
-diffie-hellman-group14-sha1,
+diffie-hellman-group14-sha1
-diffie-hellman-group1-sha1
 .Ed
 .Pp
 The list of available key exchange algorithms may also be obtained using the

sshd.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.451 2015/07/03 03:43:18 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.452 2015/07/03 03:47:00 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2523,9 +2523,7 @@ sshd_hostkey_sign(Key *privkey, Key *pubkey, u_char **signature, size_t *slen,
 	return 0;
 }
 
-/*
+/* SSH2 key exchange */
- * SSH2 key exchange: diffie-hellman-group1-sha1
- */
 static void
 do_ssh2_kex(void)
 {