Put some #ifdef options around first-follows options in case they

need to be disabled --HG-- branch : kexguess
2025-06-26 18:17:32 +00:00 · 2013-04-03 00:43:31 +08:00
parent 78fbed8c3e
commit cbd3d5e3a5
4 changed files with 19 additions and 1 deletions
--- a/sysoptions.h
+++ b/sysoptions.h
@@ -23,6 +23,15 @@
 #define AUTH_TIMEOUT 300 /* we choose 5 minutes */
 #endif

+/* A client should try and send an initial key exchange packet guessing
+ * the algorithm that will match - saves a round trip connecting, has little
+ * overhead if the guess was "wrong". */
+#define USE_KEX_FIRST_FOLLOWS
+/* Use protocol extension to allow "first follows" to succeed more frequently.
+ * This is currently Dropbear-specific but will gracefully fallback when connecting
+ * to other implementations. */
+#define USE_KEXGUESS2
+
 /* Minimum key sizes for DSS and RSA */
 #ifndef MIN_DSS_KEYLEN
 #define MIN_DSS_KEYLEN 512