yes please.
On Fri, Jul 11, 2014 at 3:32 AM, Ted Unangst <t...@tedunangst.com> wrote:
> I think the proposal rampaging went one algorithm too far. sha1 is the
> best algorithm supported by many clients and it's still pretty secure.
> without it, a lot of clients have stopped working. temporarily alleviate
> the pain?
>
>
> Index: myproposal.h
> ===================================================================
> RCS file: /cvs/src/usr.bin/ssh/myproposal.h,v
> retrieving revision 1.40
> diff -u -p -r1.40 myproposal.h
> --- myproposal.h 30 Apr 2014 19:07:48 -0000 1.40
> +++ myproposal.h 11 Jul 2014 09:31:21 -0000
> @@ -69,19 +69,19 @@
> "umac-128-...@openssh.com," \
> "hmac-sha2-256-...@openssh.com," \
> "hmac-sha2-512-...@openssh.com," \
> + "hmac-sha1-...@openssh.com," \
> "umac...@openssh.com," \
> "umac-...@openssh.com," \
> "hmac-sha2-256," \
> - "hmac-sha2-512" \
> + "hmac-sha2-512," \
> + "hmac-sha1"
>
> #define KEX_CLIENT_MAC KEX_SERVER_MAC "," \
> "hmac-md5-...@openssh.com," \
> - "hmac-sha1-...@openssh.com," \
> "hmac-ripemd160-...@openssh.com," \
> "hmac-sha1-96-...@openssh.com," \
> "hmac-md5-96-...@openssh.com," \
> "hmac-md5," \
> - "hmac-sha1," \
> "hmac-ripemd160," \
> "hmac-ripemd...@openssh.com," \
> "hmac-sha1-96," \
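Review bot: placing "hmac-sha1-...@openssh.com" directly after the hmac-sha2-512 ETM entry in KEX_SERVER_MAC also changes client preference, not just what the server accepts. KEX_CLIENT_MAC begins with KEX_SERVER_MAC, and the negotiated MAC is the first name on the client's list that the server also offers. The entry used to sit among the client-only extras, after "hmac-md5-...@openssh.com"; it now ranks ahead of the non-ETM umac entries and of "hmac-sha2-256" and "hmac-sha2-512". If the goal is only to let older clients connect again, consider appending both SHA-1 names at the end of the list, or state in the commit message that the new ordering is intended.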
> @@ -102,16 +102,16 @@
> "umac-128-...@openssh.com," \
> "hmac-sha2-256-...@openssh.com," \
> "hmac-sha2-512-...@openssh.com," \
> + "hmac-sha1-...@openssh.com," \
> "umac...@openssh.com," \
> "umac-...@openssh.com," \
> "hmac-sha2-256," \
> - "hmac-sha2-512"
> + "hmac-sha2-512," \
> + "hmac-sha1"
>
> #define KEX_CLIENT_KEX KEX_SERVER_KEX
> #define KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT
> -#define KEX_CLIENT_MAC KEX_SERVER_MAC "," \
> - "hmac-sha1-...@openssh.com," \
> - "hmac-sha1"
> +#define KEX_CLIENT_MAC KEX_SERVER_MAC
>
> #endif /* WITH_OPENSSL */
>
>
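Review bot: nothing in this block records that "hmac-sha1" and "hmac-sha1-...@openssh.com" are back in KEX_SERVER_MAC only as a stopgap, although the message describes the change as temporary. The same two entries are added to both KEX_SERVER_MAC definitions in this file, so a short comment next to each addition would make it easier to find and drop both later. Reducing KEX_CLIENT_MAC to a plain alias of KEX_SERVER_MAC looks right here, since the two names it used to append are now part of the server list.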