[Bug 2527] New: default algorithms mismatch between man pages and myproposal.h

[bugzilla-daemon]

https://bugzilla.mindrot.org/show_bug.cgi?id=2527

            Bug ID: 2527
           Summary: default algorithms mismatch between man pages and
                    myproposal.h
           Product: Portable OpenSSH
           Version: 7.1p1
          Hardware: All
                OS: All
            Status: NEW
          Severity: major
          Priority: P5
         Component: Documentation
          Assignee: unassigned-b...@mindrot.org
          Reporter: i...@f2light.com

DEFAULT ALGORITHMs in man pages of ssh_config(5) and sshd_config(5)
differ with what openssh actually take.

NOTE: the following diff-style sections have the last algorithm ends
with ",". It's only for getting pretty diff result.

KEX_SERVER_MAC: sshd_config(5) didn't tell me hmac-sha1-...@openssh.com
and hman-sha1 is taken by default.

  --- DOCUMENT_SERVER_MAC
  +++ CODE_SERVER_MAC

   umac-64-...@openssh.com,
   umac-128-...@openssh.com,
   hmac-sha2-256-...@openssh.com,
   hmac-sha2-512-...@openssh.com,
  +hmac-sha1-...@openssh.com,
   umac...@openssh.com,
   umac-...@openssh.com,
   hmac-sha2-256,
   hmac-sha2-512,
  +hmac-sha1,

KEX_CLIENT_ENCRYPT: rijndael-...@lysator.liu.se is missing in
ssh_config(5).

  --- DOCUMENT_CLIENT_ENCRYPT
  +++ CODE_CLIENT_ENCRYPT

   chacha20-poly1...@openssh.com,
   aes128-ctr,
   aes192-ctr,
   aes256-ctr,
   aes128-...@openssh.com,
   aes256-...@openssh.com,
   arcfour256,
   arcfour128,
   aes128-cbc,
   3des-cbc,
   blowfish-cbc,
   cast128-cbc,
   aes192-cbc,
   aes256-cbc,
   arcfour,
  +rijndael-...@lysator.liu.se,

KEX_CLIENT_MAC: hmac-sha1 series has higher priority than them in
ssh_config(5), and hmac-ripemd...@openssh.com is removed. (Probably
it's just an alias to hmac-ripemd160?)

  --- DOCUMENT_CLIENT_MAC
  +++ CODE_CLIENT_MAC

   umac-64-...@openssh.com,
   umac-128-...@openssh.com,
   hmac-sha2-256-...@openssh.com,
   hmac-sha2-512-...@openssh.com,
   +hmac-sha1-...@openssh.com,
   umac...@openssh.com,
   umac-...@openssh.com,
   hmac-sha2-256,
   hmac-sha2-512,
   +hmac-sha1,
   hmac-md5-...@openssh.com,
   -hmac-sha1-...@openssh.com,
   hmac-ripemd160-...@openssh.com,
   hmac-sha1-96-...@openssh.com,
   hmac-md5-96-...@openssh.com,
   hmac-md5,
   -hmac-sha1,
   hmac-ripemd160,
   -hmac-ripemd...@openssh.com,
   hmac-sha1-96,
   hmac-md5-96,

P.S.: KEX_SERVER_KEX, KEX_CLIENT_KEX, KEX_DEFAULT_PK_ALG,
KEX_SERVER_ENCRYPT are correct.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs