From b076c10d00ee2cb4d465291a4ef0a4be9f048d9a Mon Sep 17 00:00:00 2001
From: Sebastian Deiss <sdeiss@haw-landshut.de>
Date: Mon, 25 Aug 2014 16:52:06 +0200
Subject: reorder key exchange methods to increase security

---
 paramiko/transport.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/paramiko/transport.py b/paramiko/transport.py
index 86c9130c..65c1af79 100644
--- a/paramiko/transport.py
+++ b/paramiko/transport.py
@@ -95,7 +95,7 @@ class Transport (threading.Thread):
                           'aes256-cbc', '3des-cbc', 'arcfour128', 'arcfour256')
     _preferred_macs = ('hmac-sha1', 'hmac-md5', 'hmac-sha1-96', 'hmac-md5-96')
     _preferred_keys = ('ssh-rsa', 'ssh-dss', 'ecdsa-sha2-nistp256')
-    _preferred_kex = ( 'diffie-hellman-group1-sha1', 'diffie-hellman-group14-sha1', 'diffie-hellman-group-exchange-sha1' )
+    _preferred_kex =  ( 'diffie-hellman-group14-sha1', 'diffie-hellman-group-exchange-sha1' , 'diffie-hellman-group1-sha1')
     _preferred_compression = ('none',)
 
     _cipher_info = {
@@ -230,11 +230,11 @@ class Transport (threading.Thread):
         if self.use_gss_kex:
             self.kexgss_ctxt = GSSAuth("gssapi-keyex", gss_deleg_creds)
             self._preferred_kex = ('gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==',
-                                   'gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==',
                                    'gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==',
+                                   'gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==',
                                    'diffie-hellman-group-exchange-sha1',
-                                   'diffie-hellman-group1-sha1',
-                                   'diffie-hellman-group14-sha1')
+                                   'diffie-hellman-group14-sha1',
+                                   'diffie-hellman-group1-sha1')
 
         # state used during negotiation
         self.kex_engine = None
-- 
cgit v1.2.3