PuTTY wish gss-key-exchange-more-algs

This is a mirror. Follow this link to find the primary PuTTY web site.

Home | FAQ | Feedback | Licence | Updates | Mirrors | Keys | Links | Team
Download: Stable · Snapshot | Docs | Changes | Wishlist

summary: More GSSAPI key exchange algorithms (more groups/hashes, elliptic-curve)
class: wish: This is a request for an enhancement.
fixed-in: cec8c87626b3433907d214c91a072f75fbd06c91 (0.78)

GSSAPI key exchange works by using an existing SSH key exchange method together with GSSAPI, and having GSSAPI authenticate the output.

From PuTTY's initial implementation of GSS key exchange up to and including 0.77, PuTTY implemented only the originally standardised GSSAPI key exchange methods, all using integer Diffie-Hellman and SHA-1. But now we've added many more methods which were standardised later (RFC 8732):

This brings the available set of GSSAPI-authenticated key exchange methods much closer to parity with those used for ordinary key exchange.

Neither SHA-1, nor small groups for integer Diffie-Hellman, will now be used unless the server doesn't support anything better.


If you want to comment on this web site, see the Feedback page.
Audit trail for this wish.
(last revision of this bug record was at 2022-10-28 17:29:14 +0100)