1 /* $OpenBSD: myproposal.h,v 1.27 2010/09/01 22:42:13 djm Exp $ */
5 * Copyright (c) 2000 Markus Friedl. All rights reserved.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 #include <openssl/opensslv.h>
30 #ifdef OPENSSL_HAS_ECC
31 # define KEX_ECDH_METHODS \
32 "ecdh-sha2-nistp256," \
33 "ecdh-sha2-nistp384," \
35 # define HOSTKEY_ECDSA_CERT_METHODS \
36 "ecdsa-sha2-nistp256-cert-v01@openssh.com," \
37 "ecdsa-sha2-nistp384-cert-v01@openssh.com," \
38 "ecdsa-sha2-nistp521-cert-v01@openssh.com,"
39 # define HOSTKEY_ECDSA_METHODS \
40 "ecdsa-sha2-nistp256," \
41 "ecdsa-sha2-nistp384," \
42 "ecdsa-sha2-nistp521,"
44 # define KEX_ECDH_METHODS
45 # define HOSTKEY_ECDSA_CERT_METHODS
46 # define HOSTKEY_ECDSA_METHODS
49 /* Old OpenSSL doesn't support what we need for DHGEX-sha256 */
50 #if OPENSSL_VERSION_NUMBER >= 0x00907000L
51 # define KEX_SHA256_METHODS \
52 "diffie-hellman-group-exchange-sha256,"
54 # define KEX_SHA256_METHODS
57 # define KEX_DEFAULT_KEX \
60 "diffie-hellman-group-exchange-sha1," \
61 "diffie-hellman-group14-sha1," \
62 "diffie-hellman-group1-sha1"
64 #define KEX_DEFAULT_PK_ALG \
65 HOSTKEY_ECDSA_CERT_METHODS \
66 "ssh-rsa-cert-v01@openssh.com," \
67 "ssh-dss-cert-v01@openssh.com," \
68 "ssh-rsa-cert-v00@openssh.com," \
69 "ssh-dss-cert-v00@openssh.com," \
70 HOSTKEY_ECDSA_METHODS \
74 #define KEX_DEFAULT_ENCRYPT \
75 "aes128-ctr,aes192-ctr,aes256-ctr," \
76 "arcfour256,arcfour128," \
77 "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
78 "aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se"
79 #ifdef NONE_CIPHER_ENABLED
80 #define KEX_ENCRYPT_INCLUDE_NONE KEX_DEFAULT_ENCRYPT \
83 #define KEX_DEFAULT_MAC \
84 "hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160," \
85 "hmac-ripemd160@openssh.com," \
86 "hmac-sha1-96,hmac-md5-96"
87 #define KEX_DEFAULT_COMP "none,zlib@openssh.com,zlib"
88 #define KEX_DEFAULT_LANG ""
91 static char *myproposal[PROPOSAL_MAX] = {