diff options
author | Aris Adamantiadis <aris@0xbadc0de.be> | 2015-01-24 18:19:57 +0100 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2015-01-26 08:57:06 +0100 |
commit | 7febad58211115cb03670173f907545bb9a9a78a (patch) | |
tree | ad5c14da8b5092020e32470b02379a157cfd9efe | |
parent | b235c380f29b22ab08421dd18e225acdaa21c555 (diff) | |
download | libssh-7febad58211115cb03670173f907545bb9a9a78a.tar.gz libssh-7febad58211115cb03670173f907545bb9a9a78a.tar.xz libssh-7febad58211115cb03670173f907545bb9a9a78a.zip |
kex: disable des-cbc-ssh1 by default
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
-rw-r--r-- | src/kex.c | 10 |
1 files changed, 6 insertions, 4 deletions
@@ -40,7 +40,8 @@ #ifdef HAVE_LIBGCRYPT # define BLOWFISH "blowfish-cbc," # define AES "aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc," -# define DES "3des-cbc,des-cbc-ssh1" +# define DES "3des-cbc" +# define DES_SUPPORTED "3des-cbc,des-cbc-ssh1" #elif defined(HAVE_LIBCRYPTO) # ifdef HAVE_OPENSSL_BLOWFISH_H # define BLOWFISH "blowfish-cbc," @@ -56,7 +57,8 @@ # else # define AES "" # endif -# define DES "3des-cbc,des-cbc-ssh1" +# define DES "3des-cbc" +# define DES_SUPPORTED "3des-cbc,des-cbc-ssh1" #endif #ifdef WITH_ZLIB @@ -101,8 +103,8 @@ static const char *default_methods[] = { static const char *supported_methods[] = { KEY_EXCHANGE, HOSTKEYS, - AES BLOWFISH DES, - AES BLOWFISH DES, + AES BLOWFISH DES_SUPPORTED, + AES BLOWFISH DES_SUPPORTED, "hmac-sha1,hmac-sha2-256,hmac-sha2-512", "hmac-sha1,hmac-sha2-256,hmac-sha2-512", ZLIB, |