From 36df70978a80e52f1055ac33785c81c33724a235 Mon Sep 17 00:00:00 2001
From: Simon Tatham <anakin@pobox.com>
Date: Mon, 16 Apr 2001 07:49:11 +0000
Subject: [PATCH] After we fall back to 3DES, double-check the server really
 does support it, and bomb out with a complaint if not.

[originally from svn r1042]
---
 ssh.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/ssh.c b/ssh.c
index 8d310e1b..1c39fc47 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1510,6 +1510,11 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
     if ((supported_ciphers_mask & (1 << cipher_type)) == 0) {
 	c_write_str("Selected cipher not supported, falling back to 3DES\r\n");
 	cipher_type = SSH_CIPHER_3DES;
+	if ((supported_ciphers_mask & (1 << cipher_type)) == 0) {
+	    bombout(("Server violates SSH 1 protocol by "
+		     "not supporting 3DES encryption"));
+	    crReturn(0);
+	}
     }
     switch (cipher_type) {
       case SSH_CIPHER_3DES: logevent("Using 3DES encryption"); break;