+/* $OpenBSD: myproposal.h,v 1.20 2006/03/19 18:53:12 deraadt Exp $ */
+
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-#define KEX_DEFAULT_KEX "diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1"
+
+#include <openssl/opensslv.h>
+
+/* Old OpenSSL doesn't support what we need for DHGEX-sha256 */
+#if OPENSSL_VERSION_NUMBER < 0x00907000L
+# define KEX_DEFAULT_KEX \
+ "diffie-hellman-group-exchange-sha1," \
+ "diffie-hellman-group14-sha1," \
+ "diffie-hellman-group1-sha1"
+#else
+# define KEX_DEFAULT_KEX \
+ "diffie-hellman-group-exchange-sha256," \
+ "diffie-hellman-group-exchange-sha1," \
+ "diffie-hellman-group14-sha1," \
+ "diffie-hellman-group1-sha1"
+#endif
+
#define KEX_DEFAULT_PK_ALG "ssh-rsa,ssh-dss"
#define KEX_DEFAULT_ENCRYPT \
- "3des-cbc,blowfish-cbc,cast128-cbc,arcfour," \
- "aes128-cbc,aes192-cbc,aes256-cbc," \
- "rijndael128-cbc,rijndael192-cbc,rijndael256-cbc," \
- "rijndael-cbc@lysator.liu.se"
-#define KEX_DEFAULT_MAC "hmac-sha1,hmac-md5,hmac-ripemd160@openssh.com"
-#define KEX_DEFAULT_COMP "none,zlib"
+ "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
+ "arcfour128,arcfour256,arcfour," \
+ "aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se," \
+ "aes128-ctr,aes192-ctr,aes256-ctr"
+#define KEX_DEFAULT_MAC \
+ "hmac-md5,hmac-sha1,hmac-ripemd160," \
+ "hmac-ripemd160@openssh.com," \
+ "hmac-sha1-96,hmac-md5-96"
+#define KEX_DEFAULT_COMP "none,zlib@openssh.com,zlib"
#define KEX_DEFAULT_LANG ""
andersk / openssh.git / blobdiff