From: djm@openbsd.org <djm@openbsd.org>
Date: Fri, 24 Jan 2020 00:28:57 +0000 (+0000)
Subject: upstream: remove ssh-rsa (SHA1) from the list of allowed CA
X-Git-Tag: V_8_2_P1~78
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c3368a5d5ec368ef6bdf9971d6330ca0e3bdca06;p=thirdparty%2Fopenssh-portable.git

upstream: remove ssh-rsa (SHA1) from the list of allowed CA

signature algorithms ok markus

OpenBSD-Commit-ID: da3481fca8c81e6951f319a86b7be67502237f57
---

diff --git a/myproposal.h b/myproposal.h
index dd2499d66..5312e6058 100644
--- a/myproposal.h
+++ b/myproposal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: myproposal.h,v 1.66 2020/01/23 02:46:49 dtucker Exp $ */
+/* $OpenBSD: myproposal.h,v 1.67 2020/01/24 00:28:57 djm Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -87,8 +87,7 @@
 	"ssh-ed25519," \
 	"sk-ssh-ed25519@openssh.com," \
 	"rsa-sha2-512," \
-	"rsa-sha2-256," \
-	"ssh-rsa"
+	"rsa-sha2-256"
 
 #define	KEX_DEFAULT_COMP	"none,zlib@openssh.com"
 #define	KEX_DEFAULT_LANG	""