aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorJakub Jelen <jjelen@redhat.com>2019-02-02 15:00:26 +0100
committerAndreas Schneider <asn@cryptomilk.org>2019-02-07 10:30:05 +0100
commita17058014726a21fd714ccb9152ec2d86458b5a1 (patch)
tree959bee7d246e699d629fda6f9ed08b65daddb85b /src
parent0833f07c534d98ebe551cc0627fcb8875c6592d9 (diff)
downloadlibssh-a17058014726a21fd714ccb9152ec2d86458b5a1.tar.gz
libssh-a17058014726a21fd714ccb9152ec2d86458b5a1.tar.xz
libssh-a17058014726a21fd714ccb9152ec2d86458b5a1.zip
kex: Disable diffie-hellman-group-exchange-sha1 by default
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src')
-rw-r--r--src/kex.c13
1 files changed, 9 insertions, 4 deletions
diff --git a/src/kex.c b/src/kex.c
index 59522d22..c5bb7e1d 100644
--- a/src/kex.c
+++ b/src/kex.c
@@ -114,15 +114,20 @@
#define ECDH ""
#endif
+#define GEX_SHA256 "diffie-hellman-group-exchange-sha256,"
+#define GEX_SHA1 "diffie-hellman-group-exchange-sha1,"
+
#define CHACHA20 "chacha20-poly1305@openssh.com,"
#define KEY_EXCHANGE \
CURVE25519 \
ECDH \
"diffie-hellman-group18-sha512,diffie-hellman-group16-sha512," \
- "diffie-hellman-group-exchange-sha256," \
- "diffie-hellman-group14-sha1,diffie-hellman-group1-sha1," \
- "diffie-hellman-group-exchange-sha1"
+ GEX_SHA256 \
+ "diffie-hellman-group14-sha1,diffie-hellman-group1-sha1"
+#define KEY_EXCHANGE_SUPPORTED \
+ GEX_SHA1 \
+ KEY_EXCHANGE
#define KEX_METHODS_SIZE 10
/* RFC 8308 */
@@ -145,7 +150,7 @@ static const char *default_methods[] = {
/* NOTE: This is a fixed API and the index is defined by ssh_kex_types_e */
static const char *supported_methods[] = {
- KEY_EXCHANGE,
+ KEY_EXCHANGE_SUPPORTED,
PUBLIC_KEY_ALGORITHMS,
CHACHA20 AES BLOWFISH DES_SUPPORTED,
CHACHA20 AES BLOWFISH DES_SUPPORTED,
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-20 05:04:03 +0000