Mercurial > dropbear
changeset 1293:dc8f7997f10f
move group14 and group16 to options.h, group14-sha256 on by default
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Mon, 02 May 2016 17:03:55 +0200 |
parents | 432b0a030fd6 |
children | 56aba7dedbea |
files | options.h sysoptions.h |
diffstat | 2 files changed, 12 insertions(+), 7 deletions(-) [+] |
--- a/options.h Fri Apr 29 23:04:10 2016 +0800
+++ b/options.h Mon May 02 17:03:55 2016 +0200
@@ -168,10 +168,20 @@
 * ECDSA above */
 #define DROPBEAR_ECDH
-/* Group14 (2048 bit) is recommended. Group1 is less secure (1024 bit) though
- is the only option for interoperability with some older SSH programs */
+/* Key exchange algorithm.
+ * group1 - 1024 bit, sha1
+ * group14 - 2048 bit, sha1
+ * group14_256 - 2048 bit, sha2-256
+ * group16 - 4096 bit, sha2-512
+ *
+ * group14 is supported by most implementations.
+ * group16 provides a greater strength but is slower and increases binary size
+ * group1 is necessary if compatibility with Dropbear versions < 0.53 is required
+ */
 #define DROPBEAR_DH_GROUP1 1
 #define DROPBEAR_DH_GROUP14 1
+#define DROPBEAR_DH_GROUP14_256 1
+#define DROPBEAR_DH_GROUP16 0
 /* Control the memory/performance/compression tradeoff for zlib.
 * Set windowBits=8 for least memory usage, see your system's
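Review bot: `DROPBEAR_DH_GROUP1` stays at 1 while the rewritten comment drops the earlier warning that group1 is less secure, so someone configuring a build from the new text sees only a compatibility reason to keep 1024-bit SHA-1 key exchange compiled in. I would keep the caveat in the comment, e.g. ` * group1 is 1024 bit and weaker than the others; set DROPBEAR_DH_GROUP1 to 0 unless peers older than Dropbear 0.53 must connect`. It would also help to state that these are 0/1 switches and that the names in the list correspond to the `DROPBEAR_DH_*` macros below, since `group14_256` is not the name a peer sees on the wire. Whether group1 can be switched off in the default build depends on the clients that still need it, which the hunk does not show.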
--- a/sysoptions.h Fri Apr 29 23:04:10 2016 +0800
+++ b/sysoptions.h Mon May 02 17:03:55 2016 +0200
@@ -127,11 +127,6 @@
 #define DROPBEAR_MD5
 #endif
-/* These are disabled in Dropbear 2016.73 by default since the spec
- draft-ietf-curdle-ssh-kex-sha2-02 is under development. */
-#define DROPBEAR_DH_GROUP14_256 0
-#define DROPBEAR_DH_GROUP16 0
-
 /* roughly 2x 521 bits */
 #define MAX_ECC_SIZE 140