FAQ: What are the key exchange algorithms supported in VShell/Windows?

[bgagnon]

As of VShell version 4.5.3, these are the key exchange algorithms supported (with the version when first implemented):
diffie-hellman-group14-sha256 (v4.5)
diffie-hellman-group16-sha512 (v4.5)
diffie-hellman-group18-sha512 (v4.5)
curve25519-sha256 (v4.4)*
ecdh-sha2-nistp521 (v4.1)
ecdh-sha2-nistp384 (v4.1)
ecdh-sha2-nistp256 (v4.1)
diffie-hellman-group-exchange-sha256 (v4.1)
Kerberos (v3.5)*
Kerberos (Group Exchange) (v3.5)*
diffie-hellman-group14 (v2.3)
diffie-hellman-group (v1.x)
[diffie-hellman] (v1.x, but disabled since v4.1)
*Not available when VShell is running in FIPS mode



Note that while diffie-hellman is still available, it was disabled as of v4.1 due to well-documented flaws in the algorithm associated with news surrounding the Logjam vulnerability. Many other SSH servers and clients have turned off default support for the diffie-hellman key exchange algorithm.

Changes in VShell 4.1.1 (Official) -- July 14, 2015
-----------------------------------------------------------------------------------
Changes:

• In light of a potential vulnerability with SSH key exchange, similar to the TLS Logjam vulnerability, the diffie-hellman group1 key-exchange algorithm is no longer enabled by default and all 1024 bit primes have been removed from VShell's primes.txt file.