View Single Post
Old 08-16-2019, 04:10 PM
bgagnon bgagnon is offline
VanDyke Technical Support
Join Date: Oct 2008
Posts: 4,636
Question FAQ: What are the key exchange algorithms supported in VShell/Windows?

As of VShell version 4.5.3, these are the key exchange algorithms supported (with the version when first implemented):
diffie-hellman-group14-sha256 (v4.5)
diffie-hellman-group16-sha512 (v4.5)
diffie-hellman-group18-sha512 (v4.5)
curve25519-sha256 (v4.4)*
ecdh-sha2-nistp521 (v4.1)
ecdh-sha2-nistp384 (v4.1)
ecdh-sha2-nistp256 (v4.1)
diffie-hellman-group-exchange-sha256 (v4.1)
Kerberos (v3.5)*
Kerberos (Group Exchange) (v3.5)*

diffie-hellman-group14 (v2.3)
diffie-hellman-group (v1.x)
[diffie-hellman] (v1.x, but disabled since v4.1)
*Not available when VShell is running in FIPS mode

Note that while diffie-hellman is still available, it was disabled as of v4.1 due to well-documented flaws in the algorithm associated with news surrounding the Logjam vulnerability. Many other SSH servers and clients have turned off default support for the diffie-hellman key exchange algorithm.

Changes in VShell 4.1.1 (Official) -- July 14, 2015
  • In light of a potential vulnerability with SSH key exchange, similar to the TLS Logjam vulnerability, the diffie-hellman group1 key-exchange algorithm is no longer enabled by default and all 1024 bit primes have been removed from VShell's primes.txt file.
Attached Images
File Type: png vshell453_kexRev.png (44.3 KB, 2427 views)

VanDyke Software
Technical Support
(505) 332-5730

Last edited by bgagnon; 10-29-2020 at 08:18 AM. Reason: New graphic reflecting new additions in v4.5