summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorAnselm Kruis <a.kruis@science-computing.de>2017-08-01 13:32:36 +0200
committerAnselm Kruis <a.kruis@science-computing.de>2017-08-03 23:06:13 +0200
commit9ee7085ca258d26562b77060154e5547d2b67969 (patch)
tree221b2e66d00b5fa535beb13c6ccc6e5ca051c6cf
parent853a37f5a47ce1b0a9719e8e201e0ee48207631e (diff)
Transport: fix the preferred KEX algorithms for gssapi-keyex
Add additional KEX algorithms for gssapi-keyex in front of the default preferred KEX algorithms, if gssapi-keyex is enabled. Before this change, Transport used a hard coded (and out-dated) list of algorithms, if gssapi-keyex was enabled.
Diffstat
-rw-r--r--paramiko/transport.py12
1 files changed, 6 insertions, 6 deletions
diff --git a/paramiko/transport.py b/paramiko/transport.py
index 19d8ee70..bbdf9e38 100644
--- a/paramiko/transport.py
+++ b/paramiko/transport.py
@@ -132,6 +132,11 @@ class Transport(threading.Thread, ClosingContextManager):
'diffie-hellman-group-exchange-sha1',
'diffie-hellman-group-exchange-sha256',
)
+ _preferred_gsskex = (
+ 'gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==',
+ 'gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==',
+ 'gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==',
+ )
_preferred_compression = ('none',)
_cipher_info = {
@@ -333,12 +338,7 @@ class Transport(threading.Thread, ClosingContextManager):
self.gss_host = None
if self.use_gss_kex:
self.kexgss_ctxt = GSSAuth("gssapi-keyex", gss_deleg_creds)
- self._preferred_kex = ('gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==',
- 'gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==',
- 'gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==',
- 'diffie-hellman-group-exchange-sha1',
- 'diffie-hellman-group14-sha1',
- 'diffie-hellman-group1-sha1')
+ self._preferred_kex = self._preferred_gsskex + self._preferred_kex
# state used during negotiation
self.kex_engine = None
generated by cgit v1.2.3 (git 2.39.1) at 2025-04-10 09:34:24 +0000