version 1.5, 2011/09/07 17:49:19 |
version 1.5.12.1, 2017/08/15 04:40:16 |
|
|
/* $NetBSD$ */ |
/* $NetBSD$ */ |
/* $OpenBSD: myproposal.h,v 1.28 2011/08/02 01:22:11 djm Exp $ */ |
/* $OpenBSD: myproposal.h,v 1.54 2016/09/28 16:33:07 djm Exp $ */ |
|
|
/* |
/* |
* Copyright (c) 2000 Markus Friedl. All rights reserved. |
* Copyright (c) 2000 Markus Friedl. All rights reserved. |
|
|
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
*/ |
*/ |
|
|
#define KEX_DEFAULT_KEX \ |
#ifdef WITH_OPENSSL |
|
|
|
#define KEX_COMMON_KEX \ |
|
"curve25519-sha256," \ |
|
"curve25519-sha256@libssh.org," \ |
"ecdh-sha2-nistp256," \ |
"ecdh-sha2-nistp256," \ |
"ecdh-sha2-nistp384," \ |
"ecdh-sha2-nistp384," \ |
"ecdh-sha2-nistp521," \ |
"ecdh-sha2-nistp521," \ |
"diffie-hellman-group-exchange-sha256," \ |
"diffie-hellman-group-exchange-sha256," \ |
|
"diffie-hellman-group16-sha512," \ |
|
"diffie-hellman-group18-sha512," \ |
|
"diffie-hellman-group1-sha1" \ |
|
|
|
#define KEX_SERVER_KEX KEX_COMMON_KEX "," \ |
|
"diffie-hellman-group-exchange-sha1," \ |
|
"diffie-hellman-group14-sha256," \ |
|
"diffie-hellman-group14-sha1" |
|
|
|
#define KEX_CLIENT_KEX KEX_COMMON_KEX "," \ |
"diffie-hellman-group-exchange-sha1," \ |
"diffie-hellman-group-exchange-sha1," \ |
"diffie-hellman-group14-sha1," \ |
"diffie-hellman-group14-sha256," \ |
"diffie-hellman-group1-sha1" |
"diffie-hellman-group14-sha1" |
|
|
#define KEX_DEFAULT_PK_ALG \ |
#define KEX_DEFAULT_PK_ALG \ |
"ecdsa-sha2-nistp256-cert-v01@openssh.com," \ |
"ecdsa-sha2-nistp256-cert-v01@openssh.com," \ |
"ecdsa-sha2-nistp384-cert-v01@openssh.com," \ |
"ecdsa-sha2-nistp384-cert-v01@openssh.com," \ |
"ecdsa-sha2-nistp521-cert-v01@openssh.com," \ |
"ecdsa-sha2-nistp521-cert-v01@openssh.com," \ |
|
"ssh-ed25519-cert-v01@openssh.com," \ |
"ssh-rsa-cert-v01@openssh.com," \ |
"ssh-rsa-cert-v01@openssh.com," \ |
"ssh-dss-cert-v01@openssh.com," \ |
|
"ssh-rsa-cert-v00@openssh.com," \ |
|
"ssh-dss-cert-v00@openssh.com," \ |
|
"ecdsa-sha2-nistp256," \ |
"ecdsa-sha2-nistp256," \ |
"ecdsa-sha2-nistp384," \ |
"ecdsa-sha2-nistp384," \ |
"ecdsa-sha2-nistp521," \ |
"ecdsa-sha2-nistp521," \ |
|
"ssh-ed25519," \ |
|
"rsa-sha2-512," \ |
|
"rsa-sha2-256," \ |
"ssh-rsa," \ |
"ssh-rsa," \ |
"ssh-dss" |
"ssh-dss," \ |
|
"ssh-dss-cert-v01@openssh.com" |
|
|
#define KEX_DEFAULT_ENCRYPT \ |
#define KEX_SERVER_ENCRYPT \ |
|
"chacha20-poly1305@openssh.com," \ |
"aes128-ctr,aes192-ctr,aes256-ctr," \ |
"aes128-ctr,aes192-ctr,aes256-ctr," \ |
"arcfour256,arcfour128," \ |
"aes128-gcm@openssh.com,aes256-gcm@openssh.com," \ |
"aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \ |
"aes128-cbc,aes192-cbc,aes256-cbc," \ |
"aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se" |
"3des-cbc,blowfish-cbc,cast128-cbc," \ |
#define KEX_ENCRYPT_INCLUDE_NONE KEX_DEFAULT_ENCRYPT \ |
"arcfour,arcfour128,arcfour256" |
",none" |
|
|
#define KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT |
#ifdef UMAC_HAS_BEEN_UNBROKEN |
|
#define KEX_DEFAULT_MAC \ |
#define KEX_SERVER_MAC \ |
"hmac-md5," \ |
"umac-64-etm@openssh.com," \ |
"hmac-sha1," \ |
"umac-128-etm@openssh.com," \ |
|
"hmac-sha2-256-etm@openssh.com," \ |
|
"hmac-sha2-512-etm@openssh.com," \ |
|
"hmac-sha1-etm@openssh.com," \ |
"umac-64@openssh.com," \ |
"umac-64@openssh.com," \ |
|
"umac-128@openssh.com," \ |
"hmac-sha2-256," \ |
"hmac-sha2-256," \ |
"hmac-sha2-256-96," \ |
|
"hmac-sha2-512," \ |
"hmac-sha2-512," \ |
"hmac-sha2-512-96," \ |
"hmac-sha1," \ |
|
"hmac-md5," \ |
|
"hmac-md5-96," \ |
"hmac-ripemd160," \ |
"hmac-ripemd160," \ |
"hmac-ripemd160@openssh.com," \ |
"hmac-ripemd160@openssh.com," \ |
"hmac-sha1-96,hmac-md5-96" |
"hmac-sha1-96" |
#else |
|
#define KEX_DEFAULT_MAC \ |
#define KEX_CLIENT_MAC KEX_SERVER_MAC |
"hmac-md5,hmac-sha1,hmac-ripemd160," \ |
|
"hmac-ripemd160@openssh.com," \ |
|
"hmac-sha1-96,hmac-md5-96" |
|
#endif |
|
|
|
#define KEX_DEFAULT_COMP "none,zlib@openssh.com,zlib" |
#else /* WITH_OPENSSL */ |
|
|
|
#define KEX_SERVER_KEX \ |
|
"curve25519-sha256," \ |
|
"curve25519-sha256@libssh.org" |
|
#define KEX_DEFAULT_PK_ALG \ |
|
"ssh-ed25519-cert-v01@openssh.com," \ |
|
"ssh-ed25519" |
|
#define KEX_SERVER_ENCRYPT \ |
|
"chacha20-poly1305@openssh.com," \ |
|
"aes128-ctr,aes192-ctr,aes256-ctr" |
|
#define KEX_SERVER_MAC \ |
|
"umac-64-etm@openssh.com," \ |
|
"umac-128-etm@openssh.com," \ |
|
"hmac-sha2-256-etm@openssh.com," \ |
|
"hmac-sha2-512-etm@openssh.com," \ |
|
"hmac-sha1-etm@openssh.com," \ |
|
"umac-64@openssh.com," \ |
|
"umac-128@openssh.com," \ |
|
"hmac-sha2-256," \ |
|
"hmac-sha2-512," \ |
|
"hmac-sha1" |
|
|
|
#define KEX_CLIENT_KEX KEX_SERVER_KEX |
|
#define KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT |
|
#define KEX_CLIENT_MAC KEX_SERVER_MAC |
|
|
|
#endif /* WITH_OPENSSL */ |
|
|
|
#define KEX_CLIENT_ENCRYPT_INCLUDE_NONE KEX_CLIENT_ENCRYPT \ |
|
",none" |
|
#define KEX_SERVER_ENCRYPT_INCLUDE_NONE KEX_SERVER_ENCRYPT \ |
|
",none" |
|
|
|
#define KEX_DEFAULT_COMP "none,zlib@openssh.com" |
#define KEX_DEFAULT_LANG "" |
#define KEX_DEFAULT_LANG "" |
|
|
|
#define KEX_CLIENT \ |
|
KEX_CLIENT_KEX, \ |
|
KEX_DEFAULT_PK_ALG, \ |
|
KEX_CLIENT_ENCRYPT_INCLUDE_NONE, \ |
|
KEX_CLIENT_ENCRYPT_INCLUDE_NONE, \ |
|
KEX_CLIENT_MAC, \ |
|
KEX_CLIENT_MAC, \ |
|
KEX_DEFAULT_COMP, \ |
|
KEX_DEFAULT_COMP, \ |
|
KEX_DEFAULT_LANG, \ |
|
KEX_DEFAULT_LANG |
|
|
static const char *myproposal[PROPOSAL_MAX] = { |
#define KEX_SERVER \ |
KEX_DEFAULT_KEX, |
KEX_SERVER_KEX, \ |
KEX_DEFAULT_PK_ALG, |
KEX_DEFAULT_PK_ALG, \ |
KEX_DEFAULT_ENCRYPT, |
KEX_SERVER_ENCRYPT_INCLUDE_NONE, \ |
KEX_DEFAULT_ENCRYPT, |
KEX_SERVER_ENCRYPT_INCLUDE_NONE, \ |
KEX_DEFAULT_MAC, |
KEX_SERVER_MAC, \ |
KEX_DEFAULT_MAC, |
KEX_SERVER_MAC, \ |
KEX_DEFAULT_COMP, |
KEX_DEFAULT_COMP, \ |
KEX_DEFAULT_COMP, |
KEX_DEFAULT_COMP, \ |
KEX_DEFAULT_LANG, |
KEX_DEFAULT_LANG, \ |
KEX_DEFAULT_LANG |
KEX_DEFAULT_LANG |
}; |
|