
github.com/mRemoteNG/PuTTYNG.git - Unnamed repository; edit this file 'description' to name the repository.
Diffstat (limited to 'settings.c')
-rw-r--r--settings.c13
1 files changed, 9 insertions, 4 deletions
diff --git a/settings.c b/settings.c
index 44ec1978..cd286eb4 100644
--- a/settings.c
+++ b/settings.c
@@ -33,15 +33,20 @@ static const struct keyvalwhere kexnames[] = {
{ "ecdh", KEX_ECDH, -1, +1 },
/* This name is misleading: it covers both SHA-256 and SHA-1 variants */
{ "dh-gex-sha1", KEX_DHGEX, -1, -1 },
- { "dh-group18-sha512", KEX_DHGROUP18, -1, -1 },
- { "dh-group17-sha512", KEX_DHGROUP17, -1, -1 },
- { "dh-group16-sha512", KEX_DHGROUP16, -1, -1 },
- { "dh-group15-sha512", KEX_DHGROUP15, -1, -1 },
/* Again, this covers both SHA-256 and SHA-1, despite the name: */
{ "dh-group14-sha1", KEX_DHGROUP14, -1, -1 },
/* This one really is only SHA-1, though: */
{ "dh-group1-sha1", KEX_DHGROUP1, KEX_WARN, +1 },
{ "rsa", KEX_RSA, KEX_WARN, -1 },
+ /* Larger fixed DH groups: prefer the larger 15 and 16 over 14,
+ * but by default the even larger 17 and 18 go below 16.
+ * Rationale: diminishing returns of improving the DH strength are
+ * outweighed by increased CPU cost. Group 18 is painful on a slow
+ * machine. Users can override if they need to. */
+ { "dh-group15-sha512", KEX_DHGROUP15, KEX_DHGROUP14, -1 },
+ { "dh-group16-sha512", KEX_DHGROUP16, KEX_DHGROUP15, -1 },
+ { "dh-group17-sha512", KEX_DHGROUP17, KEX_DHGROUP16, +1 },
+ { "dh-group18-sha512", KEX_DHGROUP18, KEX_DHGROUP17, +1 },
{ "WARN", KEX_WARN, -1, -1 }
};
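Review bot: The new comment above the dh-group15..18 entries never states the order that the four `vrel`/`where` pairs actually produce. Assuming a `where` of -1 means "before `vrel`" and +1 means "after" (the struct is defined outside this hunk), the result is 16, 17, 18, 15, 14. That ranks groups 17 and 18 above 15 and 14, so a peer offering group 18 but not 16 or 17 would still negotiate the expensive group the rationale warns about; if that is intended, I would say so with a line such as `/* Resulting default order: 16, 17, 18, 15, 14. */`. Each entry also appears to need to come after the entry its `vrel` names, which is presumably why the block moved below "rsa"; a short `/* Keep each entry after the one its vrel refers to. */` would protect that from a later re-sort. The kexnames initializer begins above the hunk, so entries before "ecdh" are not visible here.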