summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorJeff Forcier <jeff@bitprophet.org>2017-06-06 13:26:15 -0700
committerJeff Forcier <jeff@bitprophet.org>2017-06-06 13:26:15 -0700
commit772e405a2172fa90997fea9fdf2d9eb78a2f3fb7 (patch)
treebb3020fe5b3c21fbffe6f9dc559cfb380dff21ea
parent39d167298094eb04237db430cc6bc3cb7d988e3f (diff)
parent102c694ca8ae46d384d3a9c4e2e963836d6f1509 (diff)
Merge branch '2.0' into 2.1
-rw-r--r--paramiko/transport.py2
-rw-r--r--sites/www/changelog.rst4
2 files changed, 5 insertions, 1 deletions
diff --git a/paramiko/transport.py b/paramiko/transport.py
index 55afddad..24ca348a 100644
--- a/paramiko/transport.py
+++ b/paramiko/transport.py
@@ -114,10 +114,10 @@ class Transport(threading.Thread, ClosingContextManager):
_preferred_macs = (
'hmac-sha2-256',
'hmac-sha2-512',
+ 'hmac-sha1',
'hmac-md5',
'hmac-sha1-96',
'hmac-md5-96',
- 'hmac-sha1',
)
_preferred_keys = (
'ecdsa-sha2-nistp256',
diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst
index 14c804a8..da9d6d05 100644
--- a/sites/www/changelog.rst
+++ b/sites/www/changelog.rst
@@ -2,6 +2,10 @@
Changelog
=========
+* :bug:`-` (partial application of :issue:`983`) Move ``sha1`` above the
+ now-arguably-broken ``md5`` in the list of preferred MAC algorithms, as an
+ incremental security improvement for users whose target systems offer both.
+ Credit: Pierce Lopez.
* :bug:`667` The RC4/arcfour family of ciphers has been broken since version
2.0; but since the algorithm is now known to be completely insecure, we are
opting to remove support outright instead of fixing it. Thanks to Alex Gaynor