diff options
author | Jeff Forcier <jeff@bitprophet.org> | 2017-06-06 13:26:15 -0700 |
---|---|---|
committer | Jeff Forcier <jeff@bitprophet.org> | 2017-06-06 13:26:15 -0700 |
commit | 772e405a2172fa90997fea9fdf2d9eb78a2f3fb7 (patch) | |
tree | bb3020fe5b3c21fbffe6f9dc559cfb380dff21ea | |
parent | 39d167298094eb04237db430cc6bc3cb7d988e3f (diff) | |
parent | 102c694ca8ae46d384d3a9c4e2e963836d6f1509 (diff) |
Merge branch '2.0' into 2.1
-rw-r--r-- | paramiko/transport.py | 2 | ||||
-rw-r--r-- | sites/www/changelog.rst | 4 |
2 files changed, 5 insertions, 1 deletions
diff --git a/paramiko/transport.py b/paramiko/transport.py index 55afddad..24ca348a 100644 --- a/paramiko/transport.py +++ b/paramiko/transport.py @@ -114,10 +114,10 @@ class Transport(threading.Thread, ClosingContextManager): _preferred_macs = ( 'hmac-sha2-256', 'hmac-sha2-512', + 'hmac-sha1', 'hmac-md5', 'hmac-sha1-96', 'hmac-md5-96', - 'hmac-sha1', ) _preferred_keys = ( 'ecdsa-sha2-nistp256', diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 14c804a8..da9d6d05 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,10 @@ Changelog ========= +* :bug:`-` (partial application of :issue:`983`) Move ``sha1`` above the + now-arguably-broken ``md5`` in the list of preferred MAC algorithms, as an + incremental security improvement for users whose target systems offer both. + Credit: Pierce Lopez. * :bug:`667` The RC4/arcfour family of ciphers has been broken since version 2.0; but since the algorithm is now known to be completely insecure, we are opting to remove support outright instead of fixing it. Thanks to Alex Gaynor |