Can we disable diffie-hellman-group14-sha1 by default?

Yegor Ievlev koops1997 at
Sun Jan 20 09:55:35 AEDT 2019

Also can we do anything with ssh-rsa? It uses both SHA-1 and
deprecated PKCS#1 padding. If it's used to sign certificates, there's
no additional protection of SHA-2 hashing before SHA-1 signature, it
just signs the raw certificate.

On Sat, Jan 19, 2019 at 11:32 PM Yegor Ievlev <koops1997 at> wrote:
> I'm not sure if collision resistance is required for DH key
> derivation, but generally, SHA-1 is on its way out. If it's possible
> (if there's not a very large percentage of servers that do not support
> anything newer), it should be disabled.

More information about the openssh-unix-dev mailing list