diff options
author | djm@openbsd.org <djm@openbsd.org> | 2018-09-12 01:34:02 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2018-09-12 16:49:21 +1000 |
commit | 4cc259bac699f4d2a5c52b92230f9e488c88a223 (patch) | |
tree | b677c7abd3a9a698e9e7a0abc8be5e5fe2f615dc /myproposal.h | |
parent | ba9e788315b1f6a350f910cb2a9e95b2ce584e89 (diff) | |
download | openssh-git-4cc259bac699f4d2a5c52b92230f9e488c88a223.tar.gz |
upstream: add SSH_ALLOWED_CA_SIGALGS - the default list of
signature algorithms that are allowed for CA signatures. Notably excludes
ssh-dsa.
ok markus@
OpenBSD-Commit-ID: 1628e4181dc8ab71909378eafe5d06159a22deb4
Diffstat (limited to 'myproposal.h')
-rw-r--r-- | myproposal.h | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/myproposal.h b/myproposal.h index 08782dd3..27b4a15a 100644 --- a/myproposal.h +++ b/myproposal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: myproposal.h,v 1.56 2018/07/03 11:39:54 djm Exp $ */ +/* $OpenBSD: myproposal.h,v 1.57 2018/09/12 01:34:02 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -139,6 +139,16 @@ #define KEX_CLIENT_MAC KEX_SERVER_MAC +/* Not a KEX value, but here so all the algorithm defaults are together */ +#define SSH_ALLOWED_CA_SIGALGS \ + "ecdsa-sha2-nistp256," \ + "ecdsa-sha2-nistp384," \ + "ecdsa-sha2-nistp521," \ + "ssh-ed25519," \ + "rsa-sha2-512," \ + "rsa-sha2-256," \ + "ssh-rsa" + #else /* WITH_OPENSSL */ #define KEX_SERVER_KEX \ @@ -166,6 +176,8 @@ #define KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT #define KEX_CLIENT_MAC KEX_SERVER_MAC +#define SSH_ALLOWED_CA_SIGALGS "ssh-ed25519" + #endif /* WITH_OPENSSL */ #define KEX_DEFAULT_COMP "none,zlib@openssh.com" |