- stevesk@cvs.openbsd.org 2001/03/05 15:44:51
[servconf.c]
sync error message; ok markus@
+ - deraadt@cvs.openbsd.org 2001/03/05 15:56:16
+ [myproposal.h ssh.1]
+ switch to aes128-cbc/hmac-md5 by default in SSH2 -- faster;
+ provos & markus ok
20010305
- (bal) CVS ID touch up on sshpty.[ch] and sshlogin.[ch]
-/* $OpenBSD: myproposal.h,v 1.11 2001/02/11 12:59:24 markus Exp $ */
+/* $OpenBSD: myproposal.h,v 1.12 2001/03/05 15:56:16 deraadt Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
#define KEX_DEFAULT_KEX "diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1"
#define KEX_DEFAULT_PK_ALG "ssh-rsa,ssh-dss"
#define KEX_DEFAULT_ENCRYPT \
- "3des-cbc,blowfish-cbc,cast128-cbc,arcfour," \
- "aes128-cbc,aes192-cbc,aes256-cbc," \
+ "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour," \
+ "aes192-cbc,aes256-cbc," \
"rijndael128-cbc,rijndael192-cbc,rijndael256-cbc," \
"rijndael-cbc@lysator.liu.se"
#define KEX_DEFAULT_MAC \
- "hmac-sha1,hmac-md5,hmac-ripemd160," \
+ "hmac-md5,hmac-sha1,hmac-ripemd160," \
"hmac-ripemd160@openssh.com," \
"hmac-sha1-96,hmac-md5-96"
#define KEX_DEFAULT_COMP "none,zlib"
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.93 2001/03/02 18:54:31 deraadt Exp $
+.\" $OpenBSD: ssh.1,v 1.94 2001/03/05 15:56:16 deraadt Exp $
.Dd September 25, 1999
.Dt SSH 1
.Os
.Pp
Protocol 2 provides additional mechanisms for confidentiality
(the traffic is encrypted using 3DES, Blowfish, CAST128 or Arcfour)
-and integrity (hmac-sha1, hmac-md5).
+and integrity (hmac-md5, hmac-sha1).
Note that protocol 1 lacks a strong mechanism for ensuring the
integrity of the connection.
.Pp
The default is
.Pp
.Bd -literal
- ``3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,
+ ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,
rijndael256-cbc,rijndael-cbc@lysator.liu.se''
.Ed
The default is
.Pp
.Bd -literal
- ``hmac-sha1,hmac-md5,hmac-ripemd160,hmac-ripemd160@openssh.com,
+ ``hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,
hmac-sha1-96,hmac-md5-96''
.Ed
.It Cm NumberOfPasswordPrompts