- OpenBSD CVS update

  - markus@cvs.openbsd.org
    [cipher.h myproposal.h readconf.c readconf.h servconf.c ssh.1 ssh.c]
    [ssh.h sshconnect1.c sshconnect2.c sshd.8]
    - complain about invalid ciphers in SSH1 (e.g. arcfour is SSH2 only)
  - hugh@cvs.openbsd.org
    [ssh.1]
    - zap typo
    [ssh-keygen.1]
    - One last nit fix. (markus approved)
    [sshd.8]
    - some markus certified spelling adjustments
  - markus@cvs.openbsd.org
    [auth2.c channels.c clientloop.c compat compat.h dsa.c kex.c]
    [sshconnect2.c ]
    - bug compat w/ ssh-2.0.13 x11, split out bugs
    [nchan.c]
    - no drain if ibuf_empty, fixes x11fwd problems; tests by fries@
    [ssh-keygen.c]
    - handle escapes in real and original key format, ok millert@
    [version.h]
    - OpenSSH-2.1

1 files changed, 8 insertions, 4 deletions

diff --git a/sshconnect1.c b/sshconnect1.c
index 31ee9843..4360d728 100644
--- a/sshconnect1.c
+++ b/sshconnect1.c
@@ -9,7 +9,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect1.c,v 1.2 2000/05/04 22:38:00 markus Exp $");
+RCSID("$OpenBSD: sshconnect1.c,v 1.3 2000/05/08 17:12:16 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/dsa.h>
@@ -832,13 +832,17 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
 	RSA_free(public_key);
 	RSA_free(host_key);
 
-	if (options.cipher == SSH_CIPHER_NOT_SET) {
+	if (options.cipher == SSH_CIPHER_ILLEGAL) {
+		log("No valid SSH1 cipher, using %.100s instead.",
+		    cipher_name(SSH_FALLBACK_CIPHER));
+		options.cipher = SSH_FALLBACK_CIPHER;
+	} else if (options.cipher == SSH_CIPHER_NOT_SET) {
 		if (cipher_mask1() & supported_ciphers & (1 << ssh_cipher_default))
 			options.cipher = ssh_cipher_default;
 		else {
 			debug("Cipher %s not supported, using %.100s instead.",
-			      cipher_name(ssh_cipher_default),
-			      cipher_name(SSH_FALLBACK_CIPHER));
+			    cipher_name(ssh_cipher_default),
+			    cipher_name(SSH_FALLBACK_CIPHER));
 			options.cipher = SSH_FALLBACK_CIPHER;
 		}
 	}