- deraadt@cvs.openbsd.org 2001/03/05 15:56:16

     [myproposal.h ssh.1]
     switch to aes128-cbc/hmac-md5 by default in SSH2 -- faster;
     provos & markus ok

diff --git a/ChangeLog b/ChangeLog
index 2731819ea87d70d320a0a04311bb86a49577e59e..4925015842e4b39042e60034fc994b2191357085 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,10 @@
    - stevesk@cvs.openbsd.org 2001/03/05 15:44:51
      [servconf.c]
      sync error message; ok markus@
+   - deraadt@cvs.openbsd.org 2001/03/05 15:56:16
+     [myproposal.h ssh.1]
+     switch to aes128-cbc/hmac-md5 by default in SSH2 -- faster;
+     provos & markus ok
 
 20010305
  - (bal) CVS ID touch up on sshpty.[ch] and sshlogin.[ch]

diff --git a/myproposal.h b/myproposal.h
index 03f76839bdadef9f0560a59bba214f4c1181a71e..4a9a363709b071755ef9020a3be900f5a5f3b48d 100644 (file)
--- a/myproposal.h
+++ b/myproposal.h
@@ -1,4 +1,4 @@
-/*     $OpenBSD: myproposal.h,v 1.11 2001/02/11 12:59:24 markus Exp $  */
+/*     $OpenBSD: myproposal.h,v 1.12 2001/03/05 15:56:16 deraadt Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -26,12 +26,12 @@
 #define KEX_DEFAULT_KEX                "diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1"
 #define        KEX_DEFAULT_PK_ALG      "ssh-rsa,ssh-dss"
 #define        KEX_DEFAULT_ENCRYPT \
-       "3des-cbc,blowfish-cbc,cast128-cbc,arcfour," \
-       "aes128-cbc,aes192-cbc,aes256-cbc," \
+       "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour," \
+       "aes192-cbc,aes256-cbc," \
        "rijndael128-cbc,rijndael192-cbc,rijndael256-cbc," \
        "rijndael-cbc@lysator.liu.se"
 #define        KEX_DEFAULT_MAC \
-       "hmac-sha1,hmac-md5,hmac-ripemd160," \
+       "hmac-md5,hmac-sha1,hmac-ripemd160," \
        "hmac-ripemd160@openssh.com," \
        "hmac-sha1-96,hmac-md5-96"
 #define        KEX_DEFAULT_COMP        "none,zlib"

diff --git a/ssh.1 b/ssh.1
index 53cebcfd7667fefe0dfe6531fd664a7fe1ed33d7..79b075fff3c040bf86c3bdb65d629e7c5cdbd2ec 100644 (file)
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.93 2001/03/02 18:54:31 deraadt Exp $
+.\" $OpenBSD: ssh.1,v 1.94 2001/03/05 15:56:16 deraadt Exp $
 .Dd September 25, 1999
 .Dt SSH 1
 .Os
@@ -228,7 +228,7 @@ S/Key authentication.
 .Pp
 Protocol 2 provides additional mechanisms for confidentiality
 (the traffic is encrypted using 3DES, Blowfish, CAST128 or Arcfour)
-and integrity (hmac-sha1, hmac-md5).
+and integrity (hmac-md5, hmac-sha1).
 Note that protocol 1 lacks a strong mechanism for ensuring the
 integrity of the connection.
 .Pp
@@ -667,7 +667,7 @@ Multiple ciphers must be comma-separated.
 The default is
 .Pp
 .Bd -literal
-  ``3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,
+  ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
     aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,
     rijndael256-cbc,rijndael-cbc@lysator.liu.se''
 .Ed
@@ -831,7 +831,7 @@ Multiple algorithms must be comma-separated.
 The default is
 .Pp
 .Bd -literal
-  ``hmac-sha1,hmac-md5,hmac-ripemd160,hmac-ripemd160@openssh.com,
+  ``hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,
     hmac-sha1-96,hmac-md5-96''
 .Ed
 .It Cm NumberOfPasswordPrompts