Diffstat (limited to 'lib/ssh')
-rw-r--r--lib/ssh/src/ssh_transport.erl30
-rw-r--r--lib/ssh/test/ssh_to_openssh_SUITE.erl20
2 files changed, 35 insertions, 15 deletions
diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl
index 805114f792..ea05c849b7 100644
--- a/lib/ssh/src/ssh_transport.erl
+++ b/lib/ssh/src/ssh_transport.erl
@@ -113,15 +113,28 @@ key_init(client, Ssh, Value) ->
key_init(server, Ssh, Value) ->
Ssh#ssh{s_keyinit = Value}.
+available_ssh_algos() ->
+ Supports = crypto:supports(),
+ CipherAlgos = [{aes_ctr, "aes128-ctr"}, {aes_cbc128, "aes128-cbc"}, {des3_cbc, "3des-cbc"}],
+ Ciphers = [SshAlgo ||
+ {CryptoAlgo, SshAlgo} <- CipherAlgos,
+ lists:member(CryptoAlgo, proplists:get_value(ciphers, Supports, []))],
+ HashAlgos = [{sha256, "hmac-sha2-256"}, {sha, "hmac-sha1"}],
+ Hashs = [SshAlgo ||
+ {CryptoAlgo, SshAlgo} <- HashAlgos,
+ lists:member(CryptoAlgo, proplists:get_value(hashs, Supports, []))],
+ {Ciphers, Hashs}.
+
kexinit_messsage(client, Random, Compression, HostKeyAlgs) ->
+ {CipherAlgs, HashAlgs} = available_ssh_algos(),
#ssh_msg_kexinit{
cookie = Random,
kex_algorithms = ["diffie-hellman-group1-sha1"],
server_host_key_algorithms = HostKeyAlgs,
- encryption_algorithms_client_to_server = ["aes128-ctr","aes128-cbc","3des-cbc"],
- encryption_algorithms_server_to_client = ["aes128-ctr","aes128-cbc","3des-cbc"],
- mac_algorithms_client_to_server = ["hmac-sha2-256","hmac-sha1"],
- mac_algorithms_server_to_client = ["hmac-sha2-256","hmac-sha1"],
+ encryption_algorithms_client_to_server = CipherAlgs,
+ encryption_algorithms_server_to_client = CipherAlgs,
+ mac_algorithms_client_to_server = HashAlgs,
+ mac_algorithms_server_to_client = HashAlgs,
compression_algorithms_client_to_server = Compression,
compression_algorithms_server_to_client = Compression,
languages_client_to_server = [],
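Review bot: `available_ssh_algos/0` returns an empty `Ciphers` or `Hashs` list when the linked crypto library reports none of the mapped algorithms, and `kexinit_messsage` then advertises an empty encryption or MAC name-list. Negotiation would presumably fail later with an error that hides the real cause. Consider failing here with a descriptive reason, e.g. `Ciphers =:= [] andalso error({no_supported_ssh_ciphers, CipherAlgos})`, and likewise for `Hashs`. The function also deserves a comment such as `%% Order is preference order; entries missing from crypto:supports() are dropped, so a restricted crypto build may end up offering only 3des-cbc / hmac-sha1`. The same applies to the server clause in the next hunk, and the `#ssh_msg_kexinit{}` record body continues outside this hunk.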
@@ -129,14 +142,15 @@ kexinit_messsage(client, Random, Compression, HostKeyAlgs) ->
};
kexinit_messsage(server, Random, Compression, HostKeyAlgs) ->
+ {CipherAlgs, HashAlgs} = available_ssh_algos(),
#ssh_msg_kexinit{
cookie = Random,
kex_algorithms = ["diffie-hellman-group1-sha1"],
server_host_key_algorithms = HostKeyAlgs,
- encryption_algorithms_client_to_server = ["aes128-ctr","aes128-cbc","3des-cbc"],
- encryption_algorithms_server_to_client = ["aes128-ctr","aes128-cbc","3des-cbc"],
- mac_algorithms_client_to_server = ["hmac-sha2-256","hmac-sha1"],
- mac_algorithms_server_to_client = ["hmac-sha2-256","hmac-sha1"],
+ encryption_algorithms_client_to_server = CipherAlgs,
+ encryption_algorithms_server_to_client = CipherAlgs,
+ mac_algorithms_client_to_server = HashAlgs,
+ mac_algorithms_server_to_client = HashAlgs,
compression_algorithms_client_to_server = Compression,
compression_algorithms_server_to_client = Compression,
languages_client_to_server = [],
diff --git a/lib/ssh/test/ssh_to_openssh_SUITE.erl b/lib/ssh/test/ssh_to_openssh_SUITE.erl
index 5a3bd21b55..e003b135b1 100644
--- a/lib/ssh/test/ssh_to_openssh_SUITE.erl
+++ b/lib/ssh/test/ssh_to_openssh_SUITE.erl
@@ -237,10 +237,14 @@ erlang_server_openssh_client_cipher_suites(Config) when is_list(Config) ->
ct:sleep(500),
- Ciphers = [{"3des-cbc", true},
- {"aes128-cbc", true},
- {"aes128-ctr", true},
- {"aes256-cbc", false}],
+ Supports = crypto:supports(),
+ Ciphers = proplists:get_value(ciphers, Supports),
+ Tests = [
+ {"3des-cbc", lists:member(des3_cbc, Ciphers)},
+ {"aes128-cbc", lists:member(aes_cbc128, Ciphers)},
+ {"aes128-ctr", lists:member(aes_ctr, Ciphers)},
+ {"aes256-cbc", false}
+ ],
lists:foreach(fun({Cipher, Expect}) ->
Cmd = "ssh -p " ++ integer_to_list(Port) ++
" -o UserKnownHostsFile=" ++ KnownHosts ++ " " ++ Host ++ " " ++
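Review bot: `proplists:get_value(ciphers, Supports)` has no default here, so if the `ciphers` key is absent it returns `undefined` and the `lists:member/2` calls crash instead of yielding `false`. `ssh_transport.erl` in this commit passes `[]` as the default, and the test should match it: `Ciphers = proplists:get_value(ciphers, Supports, []),`. The `Hashs = proplists:get_value(hashs, Supports)` line in the `erlang_server_openssh_client_macs` hunk has the same gap. The expectations are also derived from the same `crypto:supports()` mapping as the implementation, so a wrong atom-to-name pairing would pass on both sides; a short comment noting that would help. The `lists:foreach` fun continues outside this hunk.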
@@ -266,7 +270,7 @@ erlang_server_openssh_client_cipher_suites(Config) when is_list(Config) ->
ct:fail("Did not receive no matching cipher message")
end
end
- end, Ciphers),
+ end, Tests),
ssh:stop_daemon(Pid).
@@ -285,8 +289,10 @@ erlang_server_openssh_client_macs(Config) when is_list(Config) ->
ct:sleep(500),
- MACs = [{"hmac-sha1", true},
- {"hmac-sha2-256", true},
+ Supports = crypto:supports(),
+ Hashs = proplists:get_value(hashs, Supports),
+ MACs = [{"hmac-sha1", lists:member(sha, Hashs)},
+ {"hmac-sha2-256", lists:member(sha256, Hashs)},
{"hmac-md5-96", false},
{"hmac-ripemd160", false}],
lists:foreach(fun({MAC, Expect}) ->