Mercurial > dropbear
comparison options.h @ 1248:739b3909c499
Get rid of group15, move group16 to sha512.
New groups are disabled by default pending
draft-ietf-curdle-ssh-kex-sha2-02 being finalised
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Sat, 12 Mar 2016 16:21:13 +0800 |
parents | 6a7938ba004a |
children | dc8f7997f10f |
1247:428d83f2e5db | 1248:739b3909c499 |
---|---|
150 /* ECDSA is significantly faster than RSA or DSS. Compiling in ECC | 150 /* ECDSA is significantly faster than RSA or DSS. Compiling in ECC |
151 * code (either ECDSA or ECDH) increases binary size - around 30kB | 151 * code (either ECDSA or ECDH) increases binary size - around 30kB |
152 * on x86-64 */ | 152 * on x86-64 */ |
153 #define DROPBEAR_ECDSA | 153 #define DROPBEAR_ECDSA |
154 | 154 |
155 /* These larger DH groups (3072 and 4096 bit respectively) add to binary size | |
156 and may be significantly slower. Usually ECDH or curve25519 will be a better option */ | |
157 /*#define DROPBEAR_DH_GROUP15*/ | |
158 /*#define DROPBEAR_DH_GROUP16*/ | |
159 | |
160 /* Generate hostkeys as-needed when the first connection using that key type occurs. | 155 /* Generate hostkeys as-needed when the first connection using that key type occurs. |
161 This avoids the need to otherwise run "dropbearkey" and avoids some problems | 156 This avoids the need to otherwise run "dropbearkey" and avoids some problems |
162 with badly seeded /dev/urandom when systems first boot. | 157 with badly seeded /dev/urandom when systems first boot. |
163 This also requires a runtime flag "-R". This adds ~4kB to binary size (or hardly | 158 This also requires a runtime flag "-R". This adds ~4kB to binary size (or hardly |
164 anything if dropbearkey is linked in a "dropbearmulti" binary) */ | 159 anything if dropbearkey is linked in a "dropbearmulti" binary) */ |
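Review bot: Removing the commented-out `DROPBEAR_DH_GROUP15` and `DROPBEAR_DH_GROUP16` lines (old 155-158) leaves no trace, in the part of options.h shown here, of the group16 option that the commit message says is kept and moved to sha512. If the new groups are meant to stay disabled by default but still selectable, keep a commented-out or zero-valued `DROPBEAR_DH_GROUP16` entry with a short note on its size and speed cost, or point to where it is now configured, so that someone building from options.h can find it.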
170 #define DROPBEAR_CURVE25519 | 165 #define DROPBEAR_CURVE25519 |
171 | 166 |
172 /* Enable elliptic curve Diffie Hellman key exchange, see note about | 167 /* Enable elliptic curve Diffie Hellman key exchange, see note about |
173 * ECDSA above */ | 168 * ECDSA above */ |
174 #define DROPBEAR_ECDH | 169 #define DROPBEAR_ECDH |
170 | |
171 /* Group14 (2048 bit) is recommended. Group1 is less secure (1024 bit) though | |
172 is the only option for interoperability with some older SSH programs */ | |
173 #define DROPBEAR_DH_GROUP1 1 | |
174 #define DROPBEAR_DH_GROUP14 1 | |
175 | 175 |
176 /* Control the memory/performance/compression tradeoff for zlib. | 176 /* Control the memory/performance/compression tradeoff for zlib. |
177 * Set windowBits=8 for least memory usage, see your system's | 177 * Set windowBits=8 for least memory usage, see your system's |
178 * zlib.h for full details. | 178 * zlib.h for full details. |
179 * Default settings (windowBits=15) will use 256kB for compression | 179 * Default settings (windowBits=15) will use 256kB for compression |
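Review bot: The added block (new 171-174) turns on `DROPBEAR_DH_GROUP1` by default while its own comment calls group1 less secure (1024 bit) and needed only for interoperability with some older SSH programs; consider defaulting it off, or at least stating in the comment how to disable it. These two defines also carry a value (`#define DROPBEAR_DH_GROUP14 1`) while the neighbouring `#define DROPBEAR_ECDH` and `#define DROPBEAR_CURVE25519` are bare, so the comment should say whether an option is disabled by setting it to 0 or by commenting it out, since `#if` and `#ifdef` tests treat the two differently.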