diff options
| author | Jeff Forcier <jeff@bitprophet.org> | 2017-06-06 13:26:13 -0700 |
|---|---|---|
| committer | Jeff Forcier <jeff@bitprophet.org> | 2017-06-06 13:27:21 -0700 |
| commit | d6e57d34bafb65c6ce62a022d1b509f35cf82d49 (patch) | |
| tree | 5afc870e7c12f8d14762bc33dfdfe9588b94f408 | |
| parent | 9db59ac05e03ede7ba5d5059b7e00effca275430 (diff) | |
| download | paramiko-d6e57d34bafb65c6ce62a022d1b509f35cf82d49.tar.gz | |
Partially apply #983 for 2.0+
| -rw-r--r-- | paramiko/transport.py | 2 | ||||
| -rw-r--r-- | sites/www/changelog.rst | 3 |
2 files changed, 4 insertions, 1 deletions
diff --git a/paramiko/transport.py b/paramiko/transport.py index 4a3ae8f4..802b496f 100644 --- a/paramiko/transport.py +++ b/paramiko/transport.py @@ -113,10 +113,10 @@ class Transport(threading.Thread, ClosingContextManager): _preferred_macs = ( 'hmac-sha2-256', 'hmac-sha2-512', + 'hmac-sha1', 'hmac-md5', 'hmac-sha1-96', 'hmac-md5-96', - 'hmac-sha1', ) _preferred_keys = ( 'ecdsa-sha2-nistp256', diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index ec1c09cb..9aead611 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,9 @@ Changelog ========= +* :bug:`983` Move ``sha1`` above the now-arguably-broken ``md5`` in the list of + preferred MAC algorithms, as an incremental security improvement for users + whose target systems offer both. Credit: Pierce Lopez. * :bug:`667` The RC4/arcfour family of ciphers has been broken since version 2.0; but since the algorithm is now known to be completely insecure, we are opting to remove support outright instead of fixing it. Thanks to Alex Gaynor |