diff options
author | dtucker <dtucker> | 2013-06-11 01:47:40 +0000 |
---|---|---|
committer | dtucker <dtucker> | 2013-06-11 01:47:40 +0000 |
commit | 185fe88b27c5f548438f399868bd44a49b90afb8 (patch) | |
tree | 05cc6c251760a1317a34ea1bcfe5d85b7200ddd2 | |
parent | b16b354c52bc6e03274fc2c04819d9897f73ffbe (diff) | |
download | openssh-V_6_2.tar.gz |
- (dtucker) [myproposal.h] Do not advertise AES GSM ciphers if we don't haveV_6_2
the required OpenSSL support. Patch from naddy at freebsd.
-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | myproposal.h | 9 |
2 files changed, 12 insertions, 1 deletions
@@ -1,3 +1,7 @@ +20130610 + - (dtucker) [myproposal.h] Do not advertise AES GSM ciphers if we don't have + the required OpenSSL support. Patch from naddy at freebsd. + 20130516 - (djm) [contrib/ssh-copy-id] Fix bug that could cause "rm *" to be executed if mktemp failed; bz#2105 ok dtucker@ diff --git a/myproposal.h b/myproposal.h index 99d09346..05b17dbb 100644 --- a/myproposal.h +++ b/myproposal.h @@ -45,6 +45,13 @@ # define HOSTKEY_ECDSA_METHODS #endif +#ifdef OPENSSL_HAVE_EVPGCM +# define AESGCM_CIPHER_MODES \ + "aes128-gcm@openssh.com,aes256-gcm@openssh.com," +#else +# define AESGCM_CIPHER_MODES +#endif + /* Old OpenSSL doesn't support what we need for DHGEX-sha256 */ #if OPENSSL_VERSION_NUMBER >= 0x00907000L # define KEX_SHA256_METHODS \ @@ -73,7 +80,7 @@ #define KEX_DEFAULT_ENCRYPT \ "aes128-ctr,aes192-ctr,aes256-ctr," \ "arcfour256,arcfour128," \ - "aes128-gcm@openssh.com,aes256-gcm@openssh.com," \ + AESGCM_CIPHER_MODES \ "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \ "aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se" #ifdef HAVE_EVP_SHA256 |