Mercurial > dropbear
diff options.h @ 1248:739b3909c499
Get rid of group15, move group16 to sha512.
New groups are disabled by default pending
draft-ietf-curdle-ssh-kex-sha2-02 being finalised
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Sat, 12 Mar 2016 16:21:13 +0800 |
parents | 6a7938ba004a |
children | dc8f7997f10f |
--- a/options.h Thu Mar 10 21:37:35 2016 +0800 +++ b/options.h Sat Mar 12 16:21:13 2016 +0800 @@ -152,11 +152,6 @@ * on x86-64 */ #define DROPBEAR_ECDSA -/* These larger DH groups (3072 and 4096 bit respectively) add to binary size - and may be significantly slower. Usually ECDH or curve25519 will be a better option */ -/*#define DROPBEAR_DH_GROUP15*/ -/*#define DROPBEAR_DH_GROUP16*/ - /* Generate hostkeys as-needed when the first connection using that key type occurs. This avoids the need to otherwise run "dropbearkey" and avoids some problems with badly seeded /dev/urandom when systems first boot. @@ -173,6 +168,11 @@ * ECDSA above */ #define DROPBEAR_ECDH +/* Group14 (2048 bit) is recommended. Group1 is less secure (1024 bit) though + is the only option for interoperability with some older SSH programs */ +#define DROPBEAR_DH_GROUP1 1 +#define DROPBEAR_DH_GROUP14 1 + /* Control the memory/performance/compression tradeoff for zlib. * Set windowBits=8 for least memory usage, see your system's * zlib.h for full details.
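Review bot: The first hunk (@@ -152,11 +152,6) leaves the visible part of options.h with no mention of group16, although the commit message says group16 is kept (moved to sha512) and that the new groups are disabled by default. The commented-out `/*#define DROPBEAR_DH_GROUP15*/` and `/*#define DROPBEAR_DH_GROUP16*/` lines go away together with their explanatory comment, so someone building from this header has no pointer to how group16 is now enabled or where that switch lives. Suggest keeping a short comment here that names the replacement option and its default, and carries over the binary-size and speed caveat for the 4096-bit group.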
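Review bot: The second hunk (@@ -173,6 +168,11) turns `DROPBEAR_DH_GROUP1` on by default even though the added comment itself calls it less secure (1024 bit) and justifies it only by interoperability with some older SSH programs. Consider defaulting it to off, or at least saying in the comment that it should be disabled when no legacy peers are needed. The two new lines also carry a value (`#define DROPBEAR_DH_GROUP1 1`) while the neighbouring `#define DROPBEAR_ECDSA` and `#define DROPBEAR_ECDH` are bare defines, so the comment should state whether disabling means setting the value to 0 or removing the line; if the code tests these with #ifdef, a value of 0 would still leave the group enabled.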