-/* $OpenBSD: myproposal.h,v 1.18 2005/07/25 11:59:39 markus Exp $ */
+/* $OpenBSD: myproposal.h,v 1.23 2009/01/23 07:58:11 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-#define KEX_DEFAULT_KEX "diffie-hellman-group-exchange-sha1," \
+
+#include <openssl/opensslv.h>
+
+/* Old OpenSSL doesn't support what we need for DHGEX-sha256 */
+#if OPENSSL_VERSION_NUMBER < 0x00907000L
+# define KEX_DEFAULT_KEX \
+ "diffie-hellman-group-exchange-sha1," \
+ "diffie-hellman-group14-sha1," \
+ "diffie-hellman-group1-sha1"
+#else
+# define KEX_DEFAULT_KEX \
+ "diffie-hellman-group-exchange-sha256," \
+ "diffie-hellman-group-exchange-sha1," \
"diffie-hellman-group14-sha1," \
"diffie-hellman-group1-sha1"
+#endif
+
#define KEX_DEFAULT_PK_ALG "ssh-rsa,ssh-dss"
+
#define KEX_DEFAULT_ENCRYPT \
+ "aes128-ctr,aes192-ctr,aes256-ctr," \
+ "arcfour256,arcfour128," \
"aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
- "arcfour128,arcfour256,arcfour," \
- "aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se," \
- "aes128-ctr,aes192-ctr,aes256-ctr"
+ "aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se"
#define KEX_ENCRYPT_INCLUDE_NONE KEX_DEFAULT_ENCRYPT \
",none"
#define KEX_DEFAULT_MAC \
- "hmac-md5,hmac-sha1,hmac-ripemd160," \
+ "hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160," \
"hmac-ripemd160@openssh.com," \
"hmac-sha1-96,hmac-md5-96"
#define KEX_DEFAULT_COMP "none,zlib@openssh.com,zlib"