From eefc06f2efc541099e3c843283516a575dbfea03 Mon Sep 17 00:00:00 2001
From: Dan Fandrich <dan@coneharvesters.com>
Date: Tue, 7 Feb 2023 16:58:34 -0800
Subject: [PATCH] Reorder AES crypt methods so stronger ones are first

This make it more likely that a stronger one will be negotiated rather
than a weaker variant.
---
 src/crypt.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/crypt.c b/src/crypt.c
index 8d493b48..b7d9e6c6 100644
--- a/src/crypt.c
+++ b/src/crypt.c
@@ -310,11 +310,13 @@ static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_3des_cbc = {
 };
 #endif
 
+/* These are the crypt methods that are available to be negotiated. Methods
+   towards the start are chosen in preference to ones further down the list. */
 static const LIBSSH2_CRYPT_METHOD *_libssh2_crypt_methods[] = {
 #if LIBSSH2_AES_CTR
-  &libssh2_crypt_method_aes128_ctr,
-  &libssh2_crypt_method_aes192_ctr,
   &libssh2_crypt_method_aes256_ctr,
+  &libssh2_crypt_method_aes192_ctr,
+  &libssh2_crypt_method_aes128_ctr,
 #endif /* LIBSSH2_AES */
 #if LIBSSH2_AES
     &libssh2_crypt_method_aes256_cbc,