From 5c521f6f7bffd91a5324b128de2c2bde3a225ecf Mon Sep 17 00:00:00 2001 From: Andrew Date: Thu, 30 Nov 2023 11:47:21 -0800 Subject: [PATCH 1/2] Removed sha1-based MACs from default config --- myproposal.h | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/myproposal.h b/myproposal.h index ee6e9f741526..b612f37370f3 100644 --- a/myproposal.h +++ b/myproposal.h @@ -68,12 +68,10 @@ "umac-128-etm@openssh.com," \ "hmac-sha2-256-etm@openssh.com," \ "hmac-sha2-512-etm@openssh.com," \ - "hmac-sha1-etm@openssh.com," \ "umac-64@openssh.com," \ "umac-128@openssh.com," \ "hmac-sha2-256," \ - "hmac-sha2-512," \ - "hmac-sha1" + "hmac-sha2-512," #define KEX_CLIENT_MAC KEX_SERVER_MAC From e0d46bca888afffa9704a42e32ea88d06dc9d1b8 Mon Sep 17 00:00:00 2001 From: Andrew Date: Thu, 30 Nov 2023 21:25:25 +0000 Subject: [PATCH 2/2] Made changes only for Windows port --- myproposal.h | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/myproposal.h b/myproposal.h index b612f37370f3..a054f79e26be 100644 --- a/myproposal.h +++ b/myproposal.h @@ -63,6 +63,7 @@ #define KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT +#ifdef WINDOWS #define KEX_SERVER_MAC \ "umac-64-etm@openssh.com," \ "umac-128-etm@openssh.com," \ @@ -72,6 +73,19 @@ "umac-128@openssh.com," \ "hmac-sha2-256," \ "hmac-sha2-512," +#else +#define KEX_SERVER_MAC \ + "umac-64-etm@openssh.com," \ + "umac-128-etm@openssh.com," \ + "hmac-sha2-256-etm@openssh.com," \ + "hmac-sha2-512-etm@openssh.com," \ + "hmac-sha1-etm@openssh.com," \ + "umac-64@openssh.com," \ + "umac-128@openssh.com," \ + "hmac-sha2-256," \ + "hmac-sha2-512," \ + "hmac-sha1" +#endif #define KEX_CLIENT_MAC KEX_SERVER_MAC