Deprecated: The each() function is deprecated. This message will be suppressed on further calls in /home/zhenxiangba/zhenxiangba.com/public_html/phproxy-improved-master/index.php on line 456 PuTTY wish gss-key-exchange-more-algs
summary: More GSSAPI key exchange algorithms (more groups/hashes, elliptic-curve) class: wish: This is a request for an enhancement. fixed-in: cec8c87626b3433907d214c91a072f75fbd06c91 (0.78)
GSSAPI key exchange works by using an existing SSH key exchange method
together with GSSAPI, and having GSSAPI authenticate the output.
From PuTTY's initial implementation of GSS
key exchange up to and including 0.77, PuTTY implemented only the
originally standardised GSSAPI key exchange methods, all using integer
Diffie-Hellman and SHA-1.
But now we've added many more methods which were standardised later
(RFC 8732):
Elliptic-curve Diffie-Hellman, using either the NIST curves or
Curve25519;
Integer Diffie-Hellman with the same new fixed groups and hashes
as just implemented in rfc8268-dh-groups;
Integer Diffie-Hellman with the already-available 2048-bit
"group14" fixed group, but using SHA-256 as a hash function instead of
SHA-1.
This brings the available set of GSSAPI-authenticated key exchange
methods much closer to parity with those used for ordinary key exchange.
Neither SHA-1, nor small groups for integer Diffie-Hellman, will
now be used unless the server doesn't support anything better.
If you want to comment on this web site, see the
Feedback page.