Can we disable diffie-hellman-group14-sha1 by default?

Yegor Ievlev koops1997 at
Sun Jan 20 10:12:20 AEDT 2019

e.g. can we make it throw warnings etc. rsa-sha2-256 and rsa-sha2-512
are fine, they use PSS.

On Sun, Jan 20, 2019 at 1:55 AM Yegor Ievlev <koops1997 at> wrote:
> Also can we do anything with ssh-rsa? It uses both SHA-1 and
> deprecated PKCS#1 padding. If it's used to sign certificates, there's
> no additional protection of SHA-2 hashing before SHA-1 signature, it
> just signs the raw certificate.
> On Sat, Jan 19, 2019 at 11:32 PM Yegor Ievlev <koops1997 at> wrote:
> >
> > I'm not sure if collision resistance is required for DH key
> > derivation, but generally, SHA-1 is on its way out. If it's possible
> > (if there's not a very large percentage of servers that do not support
> > anything newer), it should be disabled.

More information about the openssh-unix-dev mailing list