Can we disable diffie-hellman-group-exchange-sha1 by default?

Darren Tucker dtucker at
Fri Feb 15 16:28:17 AEDT 2019

On Fri, 15 Feb 2019 at 16:00, Yegor Ievlev <koops1997 at> wrote:
> I don't think there is any point to generate so many moduli. Actually,
> 3 moduli of sizes 2048, 3072 and 4096 seem like a sane choice.

NIST SP 800-57 Part 1, on which the current group size selection code
is based, puts a 4k group at a little over 128 bits of security.  This
is why we generate larger groups (and request them, when using 192 and
256 bit ciphers).

Darren Tucker (dtucker at
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860  37F4 9357 ECEF 11EA A6FA (new)
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

More information about the openssh-unix-dev mailing list