author | Sahana Prasad <sahana@redhat.com> | 2020-08-26 12:02:29 +0200 |
---|---|---|
committer | Sahana Prasad <sahana@redhat.com> | 2020-09-29 11:35:51 +0200 |
commit | cc953ff7e4b50b9467fb1bb6b15c28648ebfcaeb (patch) | |
tree | 388bab8438887c0749e97bbead5cc8c713b4366b /src/kex.c | |
parent | d10f971bbb7aaecd0ab82953027c462743814173 (diff) | |
src/kex.c: removes DES and SHA1 from mac and kex algorithms by default.
Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Diffstat (limited to 'src/kex.c')
-rw-r--r-- | src/kex.c | 19 |
1 files changed, 10 insertions, 9 deletions
@@ -168,16 +168,17 @@
 #define CHACHA20 "chacha20-poly1305@openssh.com,"
-#define KEY_EXCHANGE \
+#define DEFAULT_KEY_EXCHANGE \
 CURVE25519 \
 ECDH \
 "diffie-hellman-group18-sha512,diffie-hellman-group16-sha512," \
 GEX_SHA256 \
- "diffie-hellman-group14-sha256," \
- "diffie-hellman-group14-sha1,diffie-hellman-group1-sha1"
+ "diffie-hellman-group14-sha256" \
+
 #define KEY_EXCHANGE_SUPPORTED \
 GEX_SHA1 \
- KEY_EXCHANGE
+ DEFAULT_KEY_EXCHANGE \
+ ",diffie-hellman-group14-sha1,diffie-hellman-group1-sha1"
 /* RFC 8308 */
 #define KEX_EXTENSION_CLIENT "ext-info-c"
@@ -231,12 +232,12 @@ static const char *fips_methods[] = {
 /* NOTE: This is a fixed API and the index is defined by ssh_kex_types_e */
 static const char *default_methods[] = {
- KEY_EXCHANGE,
+ DEFAULT_KEY_EXCHANGE,
 DEFAULT_PUBLIC_KEY_ALGORITHMS,
- CHACHA20 AES DES,
- CHACHA20 AES DES,
- "hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1",
- "hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1",
+ CHACHA20 AES,
+ CHACHA20 AES,
+ "hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512",
+ "hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512",
 "none",
 "none",
 "", |
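Review bot: The new `DEFAULT_KEY_EXCHANGE` body ends with `"diffie-hellman-group14-sha256" \` followed by what appears to be an added empty line, so the macro is terminated only by a line continuation that runs into a blank line. Any text later placed directly under it would silently become part of the default key-exchange list; ending the macro with `"diffie-hellman-group14-sha256"` and no backslash removes that trap. `KEY_EXCHANGE_SUPPORTED` now also depends on `DEFAULT_KEY_EXCHANGE` having no trailing comma, while `CHACHA20` just above ends with one. A comment such as `/* no trailing comma: KEY_EXCHANGE_SUPPORTED appends ",diffie-hellman-group14-sha1,..." */` would record that convention where the next editor will see it.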
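Review bot: With `DES` dropped, the two cipher entries of `default_methods` become `CHACHA20 AES,`, and whether that concatenation is still a well-formed name list depends on how `AES` ends, which is defined outside this hunk. `DES` previously followed `AES` with no separator of its own in this line, so if `AES` supplies a trailing comma (as `CHACHA20` visibly does) the default cipher list would now end in a comma and offer an empty algorithm name during negotiation; the `AES` definition should be checked or adjusted in the same commit. The two identical HMAC literals could also be a single macro, so the client-to-server and server-to-client defaults cannot drift apart on the next edit. The array initializer continues past the end of the hunk.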