MFH (r303716, r303719): drop SSH1 support, disable DSA by default

PR:		208254
Approved by:	re (gjb)
Relnotes:	yes

1 files changed, 4 insertions, 9 deletions

diff --git a/crypto/openssh/FREEBSD-upgrade b/crypto/openssh/FREEBSD-upgrade
index 43e2a74..4b31eb3 100644
--- a/crypto/openssh/FREEBSD-upgrade
+++ b/crypto/openssh/FREEBSD-upgrade
@@ -142,30 +142,25 @@
    Support for TCP wrappers was removed in upstream 6.7p1.  We've
    added it back by porting the 6.6p1 code forward.
 
-6) DSA keys
-
-   DSA keys were disabled by default in upstream 6.9p1.  We've added
-   them back.
-
-7) Agent client reference counting
+6) Agent client reference counting
 
    We've added code to ssh-agent.c to implement client reference
    counting; the agent will automatically exit when the last client
    disconnects.
 
-8) Class-based login restrictions
+7) Class-based login restrictions
 
    We've added code to auth2.c to enforce the host.allow, host.deny,
    times.allow and times.deny login class capabilities.
 
-9) HPN
+8) HPN
 
    We no longer have the HPN patches (adaptive buffer size for
    increased throughput on high-BxD links), but we recognize and
    ignore HPN-related configuration options to avoid breaking existing
    configurations.
 
-A) AES-CBC
+9) AES-CBC
 
    The AES-CBC ciphers were removed from the server-side proposal list
    in 6.7p1 due to theoretical weaknesses and the availability of