diff options
author | Hans Nilsson <[email protected]> | 2017-01-18 20:44:31 +0100 |
---|---|---|
committer | Hans Nilsson <[email protected]> | 2017-01-31 17:13:54 +0100 |
commit | d08006aaec92873c8cca6b7aeb57dcd2786fa330 (patch) | |
tree | 1aecd49294074ed3e64cd0bb86549e91d4347928 | |
parent | ef2aa76fbd0867a2901148edfedbcc8f1bf51809 (diff) | |
download | otp-d08006aaec92873c8cca6b7aeb57dcd2786fa330.tar.gz otp-d08006aaec92873c8cca6b7aeb57dcd2786fa330.tar.bz2 otp-d08006aaec92873c8cca6b7aeb57dcd2786fa330.zip |
ssh: removed 'diffie-hellman-group1-sha1' from default list
Reason: very insecure
-rw-r--r-- | lib/ssh/src/ssh_transport.erl | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index 693691f835..d172005a85 100644 --- a/lib/ssh/src/ssh_transport.erl +++ b/lib/ssh/src/ssh_transport.erl @@ -79,6 +79,10 @@ default_algorithms() -> [{K,default_algorithms(K)} || K <- algo_classes()]. algo_classes() -> [kex, public_key, cipher, mac, compression]. +default_algorithms(kex) -> + supported_algorithms(kex, [ + 'diffie-hellman-group1-sha1' % Gone in OpenSSH 7.3.p1 + ]); default_algorithms(cipher) -> supported_algorithms(cipher, same(['AEAD_AES_128_GCM', @@ -104,7 +108,7 @@ supported_algorithms(kex) -> {'diffie-hellman-group14-sha256', [{public_keys,dh}, {hashs,sha256}]}, % In OpenSSH 7.3.p1 {'diffie-hellman-group14-sha1', [{public_keys,dh}, {hashs,sha}]}, {'diffie-hellman-group-exchange-sha1', [{public_keys,dh}, {hashs,sha}]}, - {'diffie-hellman-group1-sha1', [{public_keys,dh}, {hashs,sha}]} % Gone in OpenSSH 7.3.p1 + {'diffie-hellman-group1-sha1', [{public_keys,dh}, {hashs,sha}]} ]); supported_algorithms(public_key) -> select_crypto_supported( |