1 /*
2 * Copyright (c) 2000 Markus Friedl. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 *
13 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
14 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
15 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
16 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
17 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
18 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
19 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
20 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
21 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
23 */
24
25 /*
26 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
27 * Use is subject to license terms.
28 */
29
30 /* $OpenBSD: myproposal.h,v 1.14 2002/04/03 09:26:11 markus Exp $ */
31
32 #ifndef _MYPROPOSAL_H
33 #define _MYPROPOSAL_H
34
35 #ifdef __cplusplus
36 extern "C" {
37 #endif
38
39
/*
 * Default SSH2 algorithm name-lists used to build the proposals below
 * (my_srv_proposal / my_clnt_proposal).  Each macro is a comma-separated
 * list; the continuation lines are adjacent string literals that the
 * compiler concatenates, so a leading or trailing comma on a continuation
 * line is significant.  The client's ordering expresses its preference;
 * the server's ordering does not affect which algorithm is negotiated
 * (see the note on the cipher lists below).
 *
 * NOTE(review): these are 2002-era defaults.  diffie-hellman-group1-sha1
 * (fixed 1024-bit group), ssh-dss (1024-bit DSA), the arcfour (RC4)
 * ciphers and the MD5-based and truncated "-96" MACs are regarded as weak
 * by current guidance.  The only run-time override visible from this
 * header is the Ciphers option mentioned below; whether the other lists
 * are configurable in this build cannot be told from here.
 */

/* Key-exchange methods.  group-exchange negotiates the modulus with the
 * server; group1 is the fixed 1024-bit MODP group. */
#define KEX_DEFAULT_KEX "diffie-hellman-group-exchange-sha1," \
	"diffie-hellman-group1-sha1"

/* Public-key algorithms accepted for the server host key. */
#define KEX_DEFAULT_PK_ALG "ssh-rsa,ssh-dss"

/*
 * Keep CBC modes at the end of the client default cipher list for backward
 * compatibility, but remove them from the server side because those modes
 * have known security weaknesses under SSH protocol version 2.  Since the
 * client picks the cipher from the list offered by the server, the only way
 * to keep a client from using CBC modes is not to advertise them at all.
 * Note that the server code still supports all such CBC modes; this is
 * about the default server cipher list only.  The list can be changed with
 * the Ciphers option in the sshd_config(4) file.
 *
 * Note that the ordering of ciphers on the server side is not relevant, but
 * we still keep it in preference order so the same macro can be used as the
 * head of the client list as well.
 */

/* Server default: CTR modes first, then the arcfour (RC4) stream ciphers.
 * No CBC modes -- see above. */
#define KEX_DEFAULT_SERVER_ENCRYPT "aes128-ctr,aes192-ctr,aes256-ctr," \
	"arcfour128,arcfour256,arcfour"

/* Client default: the server list followed by the CBC modes, so a peer that
 * offers nothing but CBC can still be reached.  The leading comma on the
 * first continuation line joins it onto KEX_DEFAULT_SERVER_ENCRYPT. */
#define KEX_DEFAULT_CLIENT_ENCRYPT KEX_DEFAULT_SERVER_ENCRYPT \
	",aes128-cbc,aes192-cbc,aes256-cbc," \
	"blowfish-cbc,3des-cbc"

/* Integrity (MAC) algorithms.  The "-96" variants truncate the tag to
 * 96 bits. */
#define KEX_DEFAULT_MAC "hmac-md5,hmac-sha1,hmac-sha1-96," \
	"hmac-md5-96"

/* Compression methods, "none" listed first. */
#define KEX_DEFAULT_COMP "none,zlib"
/* Language tags: none are offered (empty name-list). */
#define KEX_DEFAULT_LANG ""
71
72
/*
 * Default proposal offered by the server side.  The per-slot comments
 * below assume the ten slots follow the name-list order of an SSH2
 * KEXINIT packet (kex, host key, then encryption / MAC / compression /
 * language, each once per direction) -- confirm against the PROPOSAL_*
 * index constants, which, like PROPOSAL_MAX, are not defined in this
 * header and must be provided by the includer (presumably kex.h).
 *
 * Being `static` in a header, every translation unit that includes this
 * file gets its own private copy.  The element type is `char *` rather than
 * `const char *`; presumably the consumer replaces slots at run time with
 * configured lists -- the initial values are string literals and must never
 * be modified in place.
 */
static char *my_srv_proposal[PROPOSAL_MAX] = {
	KEX_DEFAULT_KEX,		/* key exchange */
	KEX_DEFAULT_PK_ALG,		/* server host key */
	KEX_DEFAULT_SERVER_ENCRYPT,	/* encryption, client -> server */
	KEX_DEFAULT_SERVER_ENCRYPT,	/* encryption, server -> client */
	KEX_DEFAULT_MAC,		/* MAC, client -> server */
	KEX_DEFAULT_MAC,		/* MAC, server -> client */
	KEX_DEFAULT_COMP,		/* compression, client -> server */
	KEX_DEFAULT_COMP,		/* compression, server -> client */
	KEX_DEFAULT_LANG,		/* languages, client -> server */
	KEX_DEFAULT_LANG		/* languages, server -> client */
};
85
/*
 * Default proposal sent by the client side.  Identical to the server
 * proposal except that both encryption slots use the client cipher list,
 * which additionally carries the CBC modes for backward compatibility.
 * The slot layout assumed by the comments below is the SSH2 KEXINIT
 * name-list order -- confirm against the PROPOSAL_* index constants, which
 * (together with PROPOSAL_MAX) come from a header the includer must supply.
 *
 * `static` in a header: each including translation unit gets its own copy.
 * Elements are `char *` pointing at string literals; presumably slots are
 * swapped for configured lists at run time, but the literals themselves
 * must never be written through.
 */
static char *my_clnt_proposal[PROPOSAL_MAX] = {
	KEX_DEFAULT_KEX,		/* key exchange */
	KEX_DEFAULT_PK_ALG,		/* server host key */
	KEX_DEFAULT_CLIENT_ENCRYPT,	/* encryption, client -> server */
	KEX_DEFAULT_CLIENT_ENCRYPT,	/* encryption, server -> client */
	KEX_DEFAULT_MAC,		/* MAC, client -> server */
	KEX_DEFAULT_MAC,		/* MAC, server -> client */
	KEX_DEFAULT_COMP,		/* compression, client -> server */
	KEX_DEFAULT_COMP,		/* compression, server -> client */
	KEX_DEFAULT_LANG,		/* languages, client -> server */
	KEX_DEFAULT_LANG		/* languages, server -> client */
};
98
99 #ifdef __cplusplus
100 }
101 #endif
102
103 #endif /* _MYPROPOSAL_H */