clean up some default options

- move hmac-sha2-512, hmac-md5, twofish_ctr to sysoptions.h, off by default - try and improve text for KEX methods
author: Matt Johnston <matt@ucc.asn.au> 2018-02-18 22:27:51 +0800
committer: Matt Johnston <matt@ucc.asn.au> 2018-02-18 22:27:51 +0800
commit: 34ee32607598cdcaaf40dcaa99dd58c8eae672e3 (patch)
tree: ba417fefb8d03fbece768f4924e50b9d04f9e1eb /sysoptions.h
parent: 1656db9e58e7e8188e4ca27ae4892b14949c56a5 (diff)
1 files changed, 17 insertions, 0 deletions
diff --git a/sysoptions.h b/sysoptions.h
index b081ffc..ba4b4ca 100644
--- a/sysoptions.h
+++ b/sysoptions.h
@@ -99,6 +99,23 @@
 #define MAX_MAC_LEN 20
 #endif
 
+/* sha2-512 is not necessary unless unforseen problems arise with sha2-256 */
+#ifndef DROPBEAR_SHA2_512_HMAC
+#define DROPBEAR_SHA2_512_HMAC 0
+#endif
+
+/* might be needed for compatibility with very old implementations */
+#ifndef DROPBEAR_MD5_HMAC
+#define DROPBEAR_MD5_HMAC 0
+#endif
+
+/* Twofish counter mode is disabled by default because it 
+has not been tested for interoperability with other SSH implementations.
+If you test it please contact the Dropbear author */
+#ifndef DROPBEAR_TWOFISH_CTR
+#define DROPBEAR_TWOFISH_CTR 0
+#endif
+
 
 #define DROPBEAR_ECC ((DROPBEAR_ECDH) || (DROPBEAR_ECDSA))
author	Matt Johnston <matt@ucc.asn.au>	2018-02-18 22:27:51 +0800
committer	Matt Johnston <matt@ucc.asn.au>	2018-02-18 22:27:51 +0800
commit	34ee32607598cdcaaf40dcaa99dd58c8eae672e3 (patch)
tree	ba417fefb8d03fbece768f4924e50b9d04f9e1eb /sysoptions.h
parent	1656db9e58e7e8188e4ca27ae4892b14949c56a5 (diff)