Can we disable diffie-hellman-group-exchange-sha1 by default?

Mark D. Baushke mdb at juniper.net
Fri Feb 15 11:48:42 AEDT 2019


Yegor Ievlev <koops1997 at gmail.com> writes:

> Can we disable diffie-hellman-group14-sha1 too?

It is possible to disable the diffie-hellman-group14-sha1 key exchange,
but I personally recommend you just put it at the end of the list, so it
is not normally used for the key exhcange unless that is the ONLY thing
that your client has in common with the server (or vice versa).

I know of a number of devices out there which want one of the MTI key
exchange methods to be used.

	-- Mark


More information about the openssh-unix-dev mailing list