summaryrefslogtreecommitdiff
path: root/sshd.c
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2014-04-20 13:17:20 +1000
committerDamien Miller <djm@mindrot.org>2014-04-20 13:17:20 +1000
commit9235a030ad1b16903fb495d81544e0f7c7449523 (patch)
tree3cb61622daa8f3b0caf0e53fd8bfab5534def35e /sshd.c
parent6e1777f592f15f4559728c78204617537b1ac076 (diff)
downloadopenssh-git-9235a030ad1b16903fb495d81544e0f7c7449523.tar.gz
Three commits in one (since they touch the same heavily-diverged file
repeatedly): - markus@cvs.openbsd.org 2014/03/25 09:40:03 [myproposal.h] trimm default proposals. This commit removes the weaker pre-SHA2 hashes, the broken ciphers (arcfour), and the broken modes (CBC) from the default configuration (the patch only changes the default, all the modes are still available for the config files). ok djm@, reminded by tedu@ & naddy@ and discussed with many - deraadt@cvs.openbsd.org 2014/03/26 17:16:26 [myproposal.h] The current sharing of myproposal[] between both client and server code makes the previous diff highly unpallatable. We want to go in that direction for the server, but not for the client. Sigh. Brought up by naddy. - markus@cvs.openbsd.org 2014/03/27 23:01:27 [myproposal.h ssh-keyscan.c sshconnect2.c sshd.c] disable weak proposals in sshd, but keep them in ssh; ok djm@
Diffstat (limited to 'sshd.c')
-rw-r--r--sshd.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/sshd.c b/sshd.c
index 7523de97..045f1494 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.420 2014/02/26 21:53:37 markus Exp $ */
+/* $OpenBSD: sshd.c,v 1.422 2014/03/27 23:01:27 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2437,6 +2437,7 @@ sshd_hostkey_sign(Key *privkey, Key *pubkey, u_char **signature, u_int *slen,
static void
do_ssh2_kex(void)
{
+ char *myproposal[PROPOSAL_MAX] = { KEX_SERVER };
Kex *kex;
if (options.ciphers != NULL) {