From 289d123fb8bb8175c5a0d7a9944d45556f3886db Mon Sep 17 00:00:00 2001 From: Simon Tatham Date: Sat, 22 Apr 2023 00:07:51 +0100 Subject: [PATCH] Put HMAC-SHA-512 below HMAC-SHA-256 in priority. For the same reason that diffie-hellman-group18 goes below group16: it's useful to _have_ it there, in case a server demands it, but under normal circumstances it seems like overkill and a waste of CPU. SHA-256 is not only intrinsically faster, it's also more likely to be hardware-accelerated, so PuTTY's preference is to use that if possible and SHA-512 only if necessary. --- ssh/transport2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssh/transport2.c b/ssh/transport2.c index e5c5b0f5..96310e7d 100644 --- a/ssh/transport2.c +++ b/ssh/transport2.c @@ -20,7 +20,7 @@ const struct ssh_signkey_with_user_pref_id ssh2_hostkey_algs[] = { }; const static ssh2_macalg *const macs[] = { - &ssh_hmac_sha512, &ssh_hmac_sha256, + &ssh_hmac_sha256, &ssh_hmac_sha512, &ssh_hmac_sha1, &ssh_hmac_sha1_96, &ssh_hmac_md5 }; const static ssh2_macalg *const buggymacs[] = {