Preference aes256 ahead of aes128 for the client

aes256 should be secure against potential quantum computers, so
preference that. Previously aes128 had priority for performance, but
chacha20-poly1305 first preference already, and will perform better than
aes128 on slow systems anyway.

src/common-algo.c

@@ -129,30 +129,30 @@ algo_type sshciphers[] = {
 #endif
 
 #if DROPBEAR_ENABLE_GCM_MODE
-#if DROPBEAR_AES128
-	{"aes128-gcm@openssh.com", 0, &dropbear_aes128, 1, &dropbear_mode_gcm},
-#endif
 #if DROPBEAR_AES256
 	{"aes256-gcm@openssh.com", 0, &dropbear_aes256, 1, &dropbear_mode_gcm},
 #endif
+#if DROPBEAR_AES128
+	{"aes128-gcm@openssh.com", 0, &dropbear_aes128, 1, &dropbear_mode_gcm},
+#endif
 #endif /* DROPBEAR_ENABLE_GCM_MODE */
 
 #if DROPBEAR_ENABLE_CTR_MODE
-#if DROPBEAR_AES128
-	{"aes128-ctr", 0, &dropbear_aes128, 1, &dropbear_mode_ctr},
-#endif
 #if DROPBEAR_AES256
 	{"aes256-ctr", 0, &dropbear_aes256, 1, &dropbear_mode_ctr},
 #endif
+#if DROPBEAR_AES128
+	{"aes128-ctr", 0, &dropbear_aes128, 1, &dropbear_mode_ctr},
+#endif
 #endif /* DROPBEAR_ENABLE_CTR_MODE */
 
 #if DROPBEAR_ENABLE_CBC_MODE
-#if DROPBEAR_AES128
-	{"aes128-cbc", 0, &dropbear_aes128, 1, &dropbear_mode_cbc},
-#endif
 #if DROPBEAR_AES256
 	{"aes256-cbc", 0, &dropbear_aes256, 1, &dropbear_mode_cbc},
 #endif
+#if DROPBEAR_AES128
+	{"aes128-cbc", 0, &dropbear_aes128, 1, &dropbear_mode_cbc},
+#endif
 #endif /* DROPBEAR_ENABLE_CBC_MODE */
 
 #if DROPBEAR_3DES

src/default_options.h

@@ -94,7 +94,7 @@ IMPORTANT: Some options will require "make clean" after changes */
 #define DROPBEAR_USER_ALGO_LIST 1
 
 /* Encryption - at least one required.
- * AES128 should be enabled, some very old implementations might only
+ * AES should be enabled, some very old implementations might only
  * support 3DES.
  * Including both AES keysize variants (128 and 256) will result in
  * a minimal size increase */