From d08006aaec92873c8cca6b7aeb57dcd2786fa330 Mon Sep 17 00:00:00 2001
From: Hans Nilsson <hans@erlang.org>
Date: Wed, 18 Jan 2017 20:44:31 +0100
Subject: ssh: removed 'diffie-hellman-group1-sha1' from default list

Reason: very insecure
---
 lib/ssh/src/ssh_transport.erl | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'lib/ssh/src')

diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl
index 693691f835..d172005a85 100644
--- a/lib/ssh/src/ssh_transport.erl
+++ b/lib/ssh/src/ssh_transport.erl
@@ -79,6 +79,10 @@ default_algorithms() -> [{K,default_algorithms(K)} || K <- algo_classes()].
 
 algo_classes() -> [kex, public_key, cipher, mac, compression].
 
+default_algorithms(kex) ->
+    supported_algorithms(kex, [
+                               'diffie-hellman-group1-sha1' % Gone in OpenSSH 7.3.p1
+                              ]);
 
 default_algorithms(cipher) ->
     supported_algorithms(cipher, same(['AEAD_AES_128_GCM',
@@ -104,7 +108,7 @@ supported_algorithms(kex) ->
        {'diffie-hellman-group14-sha256',        [{public_keys,dh},   {hashs,sha256}]}, % In OpenSSH 7.3.p1
        {'diffie-hellman-group14-sha1',          [{public_keys,dh},   {hashs,sha}]},
        {'diffie-hellman-group-exchange-sha1',   [{public_keys,dh},   {hashs,sha}]},
-       {'diffie-hellman-group1-sha1',           [{public_keys,dh},   {hashs,sha}]} % Gone in OpenSSH 7.3.p1
+       {'diffie-hellman-group1-sha1',           [{public_keys,dh},   {hashs,sha}]}
       ]);
 supported_algorithms(public_key) ->
     select_crypto_supported(
-- 
cgit v1.2.3