summaryrefslogtreecommitdiff
path: root/myproposal.h
diff options
context:
space:
mode:
authorDarren Tucker <dtucker@zip.com.au>2013-06-11 11:47:24 +1000
committerDarren Tucker <dtucker@zip.com.au>2013-06-11 11:47:24 +1000
commit97b62f41adcb0dcbeff142d0540793a7ea17c910 (patch)
tree72760674310073300403bc8a3f864323ee9323a3 /myproposal.h
parent6d8bd57448b45b42809da32857d7804444349ee7 (diff)
- (dtucker) [myproposal.h] Do not advertise AES GSM ciphers if we don't have
the required OpenSSL support. Patch from naddy at freebsd.
Diffstat (limited to 'myproposal.h')
-rw-r--r--myproposal.h9
1 files changed, 8 insertions, 1 deletions
diff --git a/myproposal.h b/myproposal.h
index f13c7485..276108bf 100644
--- a/myproposal.h
+++ b/myproposal.h
@@ -45,6 +45,13 @@
# define HOSTKEY_ECDSA_METHODS
#endif
+#ifdef OPENSSL_HAVE_EVPGCM
+# define AESGCM_CIPHER_MODES \
+ "aes128-gcm@openssh.com,aes256-gcm@openssh.com,"
+#else
+# define AESGCM_CIPHER_MODES
+#endif
+
/* Old OpenSSL doesn't support what we need for DHGEX-sha256 */
#ifdef HAVE_EVP_SHA256
# define KEX_SHA256_METHODS \
@@ -73,7 +80,7 @@
#define KEX_DEFAULT_ENCRYPT \
"aes128-ctr,aes192-ctr,aes256-ctr," \
"arcfour256,arcfour128," \
- "aes128-gcm@openssh.com,aes256-gcm@openssh.com," \
+ AESGCM_CIPHER_MODES \
"aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
"aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se"
#ifdef HAVE_EVP_SHA256