summarylogtreecommitdiffstats
path: root/0000-jsch-disable-md5-3des-cbc-dss-arcfour.patch
blob: bcaf0d285774050e551ae790a6e1a777915eeb1a (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111

diff -pNaru5 a/src/main/java/com/jcraft/jsch/JSch.java b/src/main/java/com/jcraft/jsch/JSch.java
--- a/src/main/java/com/jcraft/jsch/JSch.java	2018-11-20 05:58:55.000000000 -0500
+++ b/src/main/java/com/jcraft/jsch/JSch.java	2022-05-05 16:32:00.569792636 -0400
@@ -38,31 +38,31 @@ public class JSch{
    */
   public static final String VERSION  = "0.1.54";
 
   static java.util.Hashtable config=new java.util.Hashtable();
   static{
-    config.put("kex", "ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1");
-    config.put("server_host_key", "ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521");
+    config.put("kex", "ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1");
+    config.put("server_host_key", "ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,ssh-rsa");
     config.put("cipher.s2c", 
-               "aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc");
+               "aes256-ctr,aes256-cbc,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc");
     config.put("cipher.c2s",
-               "aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc");
+               "aes256-ctr,aes256-cbc,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc");
 
-    config.put("mac.s2c", "hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96");
-    config.put("mac.c2s", "hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96");
+    config.put("mac.s2c", "hmac-sha2-256,hmac-sha1");
+    config.put("mac.c2s", "hmac-sha2-256,hmac-sha1");
     config.put("compression.s2c", "none");
     config.put("compression.c2s", "none");
 
     config.put("lang.s2c", "");
     config.put("lang.c2s", "");
 
     config.put("compression_level", "6");
 
     config.put("diffie-hellman-group-exchange-sha1", 
                                 "com.jcraft.jsch.DHGEX");
-    config.put("diffie-hellman-group1-sha1", 
-	                        "com.jcraft.jsch.DHG1");
+//    config.put("diffie-hellman-group1-sha1", 
+//	                        "com.jcraft.jsch.DHG1");
     config.put("diffie-hellman-group14-sha1", 
                "com.jcraft.jsch.DHG14");    // available since JDK8.
     config.put("diffie-hellman-group-exchange-sha256", 
                "com.jcraft.jsch.DHGEX256"); // available since JDK1.4.2.
                                             // On JDK8, 2048bits will be used.
@@ -75,28 +75,28 @@ public class JSch{
     config.put("ecdh-sha2-nistp521", "com.jcraft.jsch.DHEC521");
 
     config.put("ecdh-sha2-nistp", "com.jcraft.jsch.jce.ECDHN");
 
     config.put("dh",            "com.jcraft.jsch.jce.DH");
-    config.put("3des-cbc",      "com.jcraft.jsch.jce.TripleDESCBC");
-    config.put("blowfish-cbc",  "com.jcraft.jsch.jce.BlowfishCBC");
+    //config.put("3des-cbc",      "com.jcraft.jsch.jce.TripleDESCBC");
+    //config.put("blowfish-cbc",  "com.jcraft.jsch.jce.BlowfishCBC");
     config.put("hmac-sha1",     "com.jcraft.jsch.jce.HMACSHA1");
-    config.put("hmac-sha1-96",  "com.jcraft.jsch.jce.HMACSHA196");
+    //config.put("hmac-sha1-96",  "com.jcraft.jsch.jce.HMACSHA196");
     config.put("hmac-sha2-256",  "com.jcraft.jsch.jce.HMACSHA256");
     // The "hmac-sha2-512" will require the key-length 2048 for DH,
     // but Sun's JCE has not allowed to use such a long key.
     //config.put("hmac-sha2-512",  "com.jcraft.jsch.jce.HMACSHA512");
-    config.put("hmac-md5",      "com.jcraft.jsch.jce.HMACMD5");
-    config.put("hmac-md5-96",   "com.jcraft.jsch.jce.HMACMD596");
+    //config.put("hmac-md5",      "com.jcraft.jsch.jce.HMACMD5");
+    //config.put("hmac-md5-96",   "com.jcraft.jsch.jce.HMACMD596");
     config.put("sha-1",         "com.jcraft.jsch.jce.SHA1");
     config.put("sha-256",         "com.jcraft.jsch.jce.SHA256");
     config.put("sha-384",         "com.jcraft.jsch.jce.SHA384");
     config.put("sha-512",         "com.jcraft.jsch.jce.SHA512");
     config.put("md5",           "com.jcraft.jsch.jce.MD5");
-    config.put("signature.dss", "com.jcraft.jsch.jce.SignatureDSA");
+    //config.put("signature.dss", "com.jcraft.jsch.jce.SignatureDSA");
     config.put("signature.rsa", "com.jcraft.jsch.jce.SignatureRSA");
-    config.put("keypairgen.dsa",   "com.jcraft.jsch.jce.KeyPairGenDSA");
+    //config.put("keypairgen.dsa",   "com.jcraft.jsch.jce.KeyPairGenDSA");
     config.put("keypairgen.rsa",   "com.jcraft.jsch.jce.KeyPairGenRSA");
     config.put("keypairgen.ecdsa", "com.jcraft.jsch.jce.KeyPairGenECDSA");
     config.put("random",        "com.jcraft.jsch.jce.Random");
 
     config.put("none",           "com.jcraft.jsch.CipherNone");
@@ -106,14 +106,14 @@ public class JSch{
     config.put("aes256-cbc",    "com.jcraft.jsch.jce.AES256CBC");
 
     config.put("aes128-ctr",    "com.jcraft.jsch.jce.AES128CTR");
     config.put("aes192-ctr",    "com.jcraft.jsch.jce.AES192CTR");
     config.put("aes256-ctr",    "com.jcraft.jsch.jce.AES256CTR");
-    config.put("3des-ctr",      "com.jcraft.jsch.jce.TripleDESCTR");
-    config.put("arcfour",      "com.jcraft.jsch.jce.ARCFOUR");
-    config.put("arcfour128",      "com.jcraft.jsch.jce.ARCFOUR128");
-    config.put("arcfour256",      "com.jcraft.jsch.jce.ARCFOUR256");
+    //config.put("3des-ctr",      "com.jcraft.jsch.jce.TripleDESCTR");
+    //config.put("arcfour",      "com.jcraft.jsch.jce.ARCFOUR");
+    //config.put("arcfour128",      "com.jcraft.jsch.jce.ARCFOUR128");
+    //config.put("arcfour256",      "com.jcraft.jsch.jce.ARCFOUR256");
 
     config.put("userauth.none",    "com.jcraft.jsch.UserAuthNone");
     config.put("userauth.password",    "com.jcraft.jsch.UserAuthPassword");
     config.put("userauth.keyboard-interactive",    "com.jcraft.jsch.UserAuthKeyboardInteractive");
     config.put("userauth.publickey",    "com.jcraft.jsch.UserAuthPublicKey");
@@ -128,11 +128,11 @@ public class JSch{
     config.put("StrictHostKeyChecking",  "ask");
     config.put("HashKnownHosts",  "no");
 
     config.put("PreferredAuthentications", "gssapi-with-mic,publickey,keyboard-interactive,password");
 
-    config.put("CheckCiphers", "aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256");
+    config.put("CheckCiphers", "aes256-ctr,aes256-cbc,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc");
     config.put("CheckKexes", "diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521");
     config.put("CheckSignatures", "ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521");
 
     config.put("MaxAuthTries", "6");
     config.put("ClearAllForwardings", "no");