summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBen Lindstrom <mouring@eviladmin.org>2001-03-06 01:05:23 +0000
committerBen Lindstrom <mouring@eviladmin.org>2001-03-06 01:05:23 +0000
commitec26fb166788728d7ccafe85730ccf04f3a4885b (patch)
tree8df50bff30cbb4b723c224a5ca4ae2a52c004292
parent35f1f4e2b833377b2a5e73d1c3f841c5e420cd29 (diff)
- deraadt@cvs.openbsd.org 2001/03/05 15:56:16
[myproposal.h ssh.1] switch to aes128-cbc/hmac-md5 by default in SSH2 -- faster; provos & markus ok
-rw-r--r--ChangeLog6
-rw-r--r--myproposal.h8
-rw-r--r--ssh.18
3 files changed, 13 insertions, 9 deletions
diff --git a/ChangeLog b/ChangeLog
index c5a64002..1c1f8738 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,10 @@
- stevesk@cvs.openbsd.org 2001/03/05 15:44:51
[servconf.c]
sync error message; ok markus@
+ - deraadt@cvs.openbsd.org 2001/03/05 15:56:16
+ [myproposal.h ssh.1]
+ switch to aes128-cbc/hmac-md5 by default in SSH2 -- faster;
+ provos & markus ok
20010305
- (bal) CVS ID touch up on sshpty.[ch] and sshlogin.[ch]
@@ -4377,4 +4381,4 @@
- Wrote replacements for strlcpy and mkdtemp
- Released 1.0pre1
-$Id: ChangeLog,v 1.910 2001/03/06 01:02:41 mouring Exp $
+$Id: ChangeLog,v 1.911 2001/03/06 01:05:23 mouring Exp $
diff --git a/myproposal.h b/myproposal.h
index 03f76839..4a9a3637 100644
--- a/myproposal.h
+++ b/myproposal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: myproposal.h,v 1.11 2001/02/11 12:59:24 markus Exp $ */
+/* $OpenBSD: myproposal.h,v 1.12 2001/03/05 15:56:16 deraadt Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -26,12 +26,12 @@
#define KEX_DEFAULT_KEX "diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1"
#define KEX_DEFAULT_PK_ALG "ssh-rsa,ssh-dss"
#define KEX_DEFAULT_ENCRYPT \
- "3des-cbc,blowfish-cbc,cast128-cbc,arcfour," \
- "aes128-cbc,aes192-cbc,aes256-cbc," \
+ "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour," \
+ "aes192-cbc,aes256-cbc," \
"rijndael128-cbc,rijndael192-cbc,rijndael256-cbc," \
"rijndael-cbc@lysator.liu.se"
#define KEX_DEFAULT_MAC \
- "hmac-sha1,hmac-md5,hmac-ripemd160," \
+ "hmac-md5,hmac-sha1,hmac-ripemd160," \
"hmac-ripemd160@openssh.com," \
"hmac-sha1-96,hmac-md5-96"
#define KEX_DEFAULT_COMP "none,zlib"
diff --git a/ssh.1 b/ssh.1
index 53cebcfd..79b075ff 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.93 2001/03/02 18:54:31 deraadt Exp $
+.\" $OpenBSD: ssh.1,v 1.94 2001/03/05 15:56:16 deraadt Exp $
.Dd September 25, 1999
.Dt SSH 1
.Os
@@ -228,7 +228,7 @@ S/Key authentication.
.Pp
Protocol 2 provides additional mechanisms for confidentiality
(the traffic is encrypted using 3DES, Blowfish, CAST128 or Arcfour)
-and integrity (hmac-sha1, hmac-md5).
+and integrity (hmac-md5, hmac-sha1).
Note that protocol 1 lacks a strong mechanism for ensuring the
integrity of the connection.
.Pp
@@ -667,7 +667,7 @@ Multiple ciphers must be comma-separated.
The default is
.Pp
.Bd -literal
- ``3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,
+ ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,
rijndael256-cbc,rijndael-cbc@lysator.liu.se''
.Ed
@@ -831,7 +831,7 @@ Multiple algorithms must be comma-separated.
The default is
.Pp
.Bd -literal
- ``hmac-sha1,hmac-md5,hmac-ripemd160,hmac-ripemd160@openssh.com,
+ ``hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,
hmac-sha1-96,hmac-md5-96''
.Ed
.It Cm NumberOfPasswordPrompts