From 9ee7085ca258d26562b77060154e5547d2b67969 Mon Sep 17 00:00:00 2001
From: Anselm Kruis <a.kruis@science-computing.de>
Date: Tue, 1 Aug 2017 13:32:36 +0200
Subject: [PATCH] Transport: fix the preferred KEX algorithms for gssapi-keyex

Add additional KEX algorithms for gssapi-keyex in front of the
default preferred KEX algorithms, if gssapi-keyex is enabled.

Before this change, Transport used a hard coded (and out-dated) list of
algorithms, if gssapi-keyex was enabled.
---
 paramiko/transport.py | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/paramiko/transport.py b/paramiko/transport.py
index 19d8ee70f..bbdf9e38d 100644
--- a/paramiko/transport.py
+++ b/paramiko/transport.py
@@ -132,6 +132,11 @@ class Transport(threading.Thread, ClosingContextManager):
         'diffie-hellman-group-exchange-sha1',
         'diffie-hellman-group-exchange-sha256',
     )
+    _preferred_gsskex = (
+        'gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==',
+        'gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==',
+        'gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==',
+    )
     _preferred_compression = ('none',)
 
     _cipher_info = {
@@ -333,12 +338,7 @@ def __init__(self,
         self.gss_host = None
         if self.use_gss_kex:
             self.kexgss_ctxt = GSSAuth("gssapi-keyex", gss_deleg_creds)
-            self._preferred_kex = ('gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==',
-                                   'gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==',
-                                   'gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==',
-                                   'diffie-hellman-group-exchange-sha1',
-                                   'diffie-hellman-group14-sha1',
-                                   'diffie-hellman-group1-sha1')
+            self._preferred_kex = self._preferred_gsskex + self._preferred_kex
 
         # state used during negotiation
         self.kex_engine = None