aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHans Nilsson <[email protected]>2017-01-18 20:44:31 +0100
committerHans Nilsson <[email protected]>2017-01-31 17:13:54 +0100
commitd08006aaec92873c8cca6b7aeb57dcd2786fa330 (patch)
tree1aecd49294074ed3e64cd0bb86549e91d4347928
parentef2aa76fbd0867a2901148edfedbcc8f1bf51809 (diff)
downloadotp-d08006aaec92873c8cca6b7aeb57dcd2786fa330.tar.gz
otp-d08006aaec92873c8cca6b7aeb57dcd2786fa330.tar.bz2
otp-d08006aaec92873c8cca6b7aeb57dcd2786fa330.zip
ssh: removed 'diffie-hellman-group1-sha1' from default list
Reason: very insecure
-rw-r--r--lib/ssh/src/ssh_transport.erl6
1 files changed, 5 insertions, 1 deletions
diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl
index 693691f835..d172005a85 100644
--- a/lib/ssh/src/ssh_transport.erl
+++ b/lib/ssh/src/ssh_transport.erl
@@ -79,6 +79,10 @@ default_algorithms() -> [{K,default_algorithms(K)} || K <- algo_classes()].
algo_classes() -> [kex, public_key, cipher, mac, compression].
+default_algorithms(kex) ->
+ supported_algorithms(kex, [
+ 'diffie-hellman-group1-sha1' % Gone in OpenSSH 7.3.p1
+ ]);
default_algorithms(cipher) ->
supported_algorithms(cipher, same(['AEAD_AES_128_GCM',
@@ -104,7 +108,7 @@ supported_algorithms(kex) ->
{'diffie-hellman-group14-sha256', [{public_keys,dh}, {hashs,sha256}]}, % In OpenSSH 7.3.p1
{'diffie-hellman-group14-sha1', [{public_keys,dh}, {hashs,sha}]},
{'diffie-hellman-group-exchange-sha1', [{public_keys,dh}, {hashs,sha}]},
- {'diffie-hellman-group1-sha1', [{public_keys,dh}, {hashs,sha}]} % Gone in OpenSSH 7.3.p1
+ {'diffie-hellman-group1-sha1', [{public_keys,dh}, {hashs,sha}]}
]);
supported_algorithms(public_key) ->
select_crypto_supported(