aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/kex.c23
1 files changed, 13 insertions, 10 deletions
diff --git a/src/kex.c b/src/kex.c
index dc9d5097..c2c59de2 100644
--- a/src/kex.c
+++ b/src/kex.c
@@ -57,8 +57,8 @@
#ifdef HAVE_LIBGCRYPT
# define AES "aes256-gcm@openssh.com,aes128-gcm@openssh.com," \
- "aes256-ctr,aes192-ctr,aes128-ctr," \
- "aes256-cbc,aes192-cbc,aes128-cbc,"
+ "aes256-ctr,aes192-ctr,aes128-ctr,"
+# define AES_CBC "aes256-cbc,aes192-cbc,aes128-cbc,"
# define DES "3des-cbc"
# define DES_SUPPORTED "3des-cbc"
@@ -68,8 +68,8 @@
# else
# define GCM ""
# endif /* MBEDTLS_GCM_C */
-# define AES GCM "aes256-ctr,aes192-ctr,aes128-ctr," \
- "aes256-cbc,aes192-cbc,aes128-cbc,"
+# define AES GCM "aes256-ctr,aes192-ctr,aes128-ctr,"
+# define AES_CBC "aes256-cbc,aes192-cbc,aes128-cbc,"
# define DES "3des-cbc"
# define DES_SUPPORTED "3des-cbc"
@@ -81,12 +81,15 @@
# define GCM ""
# endif /* HAVE_OPENSSL_EVP_AES_GCM */
# ifdef BROKEN_AES_CTR
-# define AES GCM "aes256-cbc,aes192-cbc,aes128-cbc,"
+# define AES GCM
+# define AES_CBC "aes256-cbc,aes192-cbc,aes128-cbc,"
# else /* BROKEN_AES_CTR */
-# define AES GCM "aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,"
+# define AES GCM "aes256-ctr,aes192-ctr,aes128-ctr,"
+# define AES_CBC "aes256-cbc,aes192-cbc,aes128-cbc,"
# endif /* BROKEN_AES_CTR */
# else /* HAVE_OPENSSL_AES_H */
# define AES ""
+# define AES_CBC ""
# endif /* HAVE_OPENSSL_AES_H */
# define DES "3des-cbc"
@@ -230,8 +233,8 @@ static const char *fips_methods[] = {
static const char *default_methods[] = {
KEY_EXCHANGE,
DEFAULT_PUBLIC_KEY_ALGORITHMS,
- CHACHA20 AES BLOWFISH DES,
- CHACHA20 AES BLOWFISH DES,
+ CHACHA20 AES DES,
+ CHACHA20 AES DES,
"hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1",
"hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1",
"none",
@@ -245,8 +248,8 @@ static const char *default_methods[] = {
static const char *supported_methods[] = {
KEY_EXCHANGE_SUPPORTED,
PUBLIC_KEY_ALGORITHMS,
- CHACHA20 AES BLOWFISH DES_SUPPORTED NONE,
- CHACHA20 AES BLOWFISH DES_SUPPORTED NONE,
+ CHACHA20 AES AES_CBC BLOWFISH DES_SUPPORTED NONE,
+ CHACHA20 AES AES_CBC BLOWFISH DES_SUPPORTED NONE,
"hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1" NONE,
"hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1" NONE,
ZLIB,