Initial revision

[gssapi-openssh.git] / openssh / myproposal.h

diff --git a/openssh/myproposal.h b/openssh/myproposal.h
index 129d98cd1bbe0141e1edd0f4c8c8ed1c27e65edf..46bd6dfd2baa0311ad8170f68d3df2960acdba33 100644 (file)
--- a/openssh/myproposal.h
+++ b/openssh/myproposal.h
@@ -1,4 +1,4 @@
-/*     $OpenBSD: myproposal.h,v 1.18 2005/07/25 11:59:39 markus Exp $  */
+/* $OpenBSD: myproposal.h,v 1.22 2007/06/07 19:37:34 pvalchev Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -23,9 +23,23 @@
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
-#define KEX_DEFAULT_KEX                "diffie-hellman-group-exchange-sha1," \
+
+#include <openssl/opensslv.h>
+
+/* Old OpenSSL doesn't support what we need for DHGEX-sha256 */
+#if OPENSSL_VERSION_NUMBER < 0x00907000L
+# define KEX_DEFAULT_KEX               \
+       "diffie-hellman-group-exchange-sha1," \
        "diffie-hellman-group14-sha1," \
        "diffie-hellman-group1-sha1"
+#else
+# define KEX_DEFAULT_KEX               \
+       "diffie-hellman-group-exchange-sha256," \
+       "diffie-hellman-group-exchange-sha1," \
+       "diffie-hellman-group14-sha1," \
+       "diffie-hellman-group1-sha1"
+#endif
+
 #define        KEX_DEFAULT_PK_ALG      "ssh-rsa,ssh-dss"
 #define        KEX_DEFAULT_ENCRYPT \
        "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
@@ -35,7 +49,7 @@
 #define KEX_ENCRYPT_INCLUDE_NONE KEX_DEFAULT_ENCRYPT \
        ",none"
 #define        KEX_DEFAULT_MAC \
-       "hmac-md5,hmac-sha1,hmac-ripemd160," \
+       "hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160," \
        "hmac-ripemd160@openssh.com," \
        "hmac-sha1-96,hmac-md5-96"
 #define        KEX_DEFAULT_COMP        "none,zlib@openssh.com,zlib"