From d862d8d60dcc5646f4b43c72f05536bfb7cd7f85 Mon Sep 17 00:00:00 2001
From: Jacob Nevins <jacobn@chiark.greenend.org.uk>
Date: Wed, 31 Aug 2022 20:47:48 +0100
Subject: [PATCH] Comment misleading string "dh-group14-sha1".

Like "dh-gex-sha1", this string used in session storage really covers
both SHA-256 and SHA-1 variants (since a624786333), with the former
preferred; but backward-compatibility makes it fiddly to change (and
it's mostly not visible to users).
---
 settings.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/settings.c b/settings.c
index c6c81562..c1119702 100644
--- a/settings.c
+++ b/settings.c
@@ -37,7 +37,9 @@ static const struct keyvalwhere kexnames[] = {
     { "dh-group17-sha512",  KEX_DHGROUP17,  -1, -1 },
     { "dh-group16-sha512",  KEX_DHGROUP16,  -1, -1 },
     { "dh-group15-sha512",  KEX_DHGROUP15,  -1, -1 },
+    /* Again, this covers both SHA-256 and SHA-1, despite the name: */
     { "dh-group14-sha1",    KEX_DHGROUP14,  -1, -1 },
+    /* This one really is only SHA-1, though: */
     { "dh-group1-sha1",     KEX_DHGROUP1,   KEX_WARN, +1 },
     { "rsa",                KEX_RSA,        KEX_WARN, -1 },
     { "WARN",               KEX_WARN,       -1, -1 }