From fed43719a2f26d76821de826472adea452e78d34 Mon Sep 17 00:00:00 2001 From: Etienne Perot Date: Wed, 27 Mar 2013 01:29:51 -0400 Subject: [PATCH] Update sshd MACs list Update sshd's preferred MACs list in order to a) favor stronger hash functions (sha512 and sha256) over sha1, and b) to favor Encrypt-then-MAC (*-etm) modes over regular (Encrypt-and-MAC) modes. The Encrypt-then-MAC modes were released as part of OpenSSH 6.2: http://www.openssh.com/txt/release-6.2 --- configs/sshd/sshd-pfs_config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configs/sshd/sshd-pfs_config b/configs/sshd/sshd-pfs_config index 6402155..d6cd321 100644 --- a/configs/sshd/sshd-pfs_config +++ b/configs/sshd/sshd-pfs_config @@ -1,2 +1,2 @@ Ciphers aes256-ctr -MACs hmac-sha1 +MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-sha1
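Review bot: the replacement MACs line still offers hmac-sha1-etm@openssh.com and hmac-sha1, and it places hmac-sha1-etm@openssh.com ahead of hmac-sha2-512 and hmac-sha2-256. That ordering serves goal (b) of the commit message at the expense of goal (a). SSH negotiation (RFC 4253, section 7.1) selects the first algorithm on the client's list that the server also supports, so the server-side order does not stop a client from choosing SHA-1. Only removing the two sha1 entries would enforce the preference. If they are kept for compatibility with older clients, say so in a comment above the MACs line. The *-etm@openssh.com names also need OpenSSH 6.2 or later according to the commit message, so sshd-pfs_config should state that minimum version next to the MACs line.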