I think the proposal rampaging went one algorithm too far. sha1 is the
best algorithm supported by many clients and it's still pretty secure.
without it, a lot of clients have stopped working. temporarily alleviate
the pain?
Index: myproposal.h
===================================================================
RCS file: /cvs/src/usr.bin/ssh/myproposal.h,v
retrieving revision 1.40
diff -u -p -r1.40 myproposal.h
--- myproposal.h 30 Apr 2014 19:07:48 -0000 1.40
+++ myproposal.h 11 Jul 2014 09:31:21 -0000
@@ -69,19 +69,19 @@
"[email protected]," \
"[email protected]," \
"[email protected]," \
+ "[email protected]," \
"[email protected]," \
"[email protected]," \
"hmac-sha2-256," \
- "hmac-sha2-512" \
+ "hmac-sha2-512," \
+ "hmac-sha1"
#define KEX_CLIENT_MAC KEX_SERVER_MAC "," \
"[email protected]," \
- "[email protected]," \
"[email protected]," \
"[email protected]," \
"[email protected]," \
"hmac-md5," \
- "hmac-sha1," \
"hmac-ripemd160," \
"[email protected]," \
"hmac-sha1-96," \
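Review bot: Appending `"hmac-sha1"` as the last entry of `KEX_SERVER_MAC` does not make it a last resort, and the list should carry a comment saying so: under RFC 4253 section 7.1 the negotiated MAC is the first one on the client's list that the server also offers, so a client that lists hmac-sha1 first gets it regardless of server-side order. The description calls the change temporary, but nothing in the file marks the entry as a compatibility fallback to revisit; a comment above `#define KEX_SERVER_MAC` (which starts outside this hunk), such as `/* hmac-sha1 kept only for older clients; order here does not override client preference */`, would record that. The same applies to the second hunk (`@@ -102,16 +102,16 @@`). Several list entries are obscured on this page, so whether the entry added after the third line is the one removed from `KEX_CLIENT_MAC` cannot be confirmed here.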
@@ -102,16 +102,16 @@
"[email protected]," \
"[email protected]," \
"[email protected]," \
+ "[email protected]," \
"[email protected]," \
"[email protected]," \
"hmac-sha2-256," \
- "hmac-sha2-512"
+ "hmac-sha2-512," \
+ "hmac-sha1"
#define KEX_CLIENT_KEX KEX_SERVER_KEX
#define KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT
-#define KEX_CLIENT_MAC KEX_SERVER_MAC "," \
- "[email protected]," \
- "hmac-sha1"
+#define KEX_CLIENT_MAC KEX_SERVER_MAC
#endif /* WITH_OPENSSL */