PuTTY wish gss-key-exchange-more-algs

This is a mirror. Follow this link to find the primary PuTTY web site.

summary: More GSSAPI key exchange algorithms (more groups/hashes, elliptic-curve)
class: wish: This is a request for an enhancement.
fixed-in: cec8c87626b3433907d214c91a072f75fbd06c91 (0.78)

GSSAPI key exchange works by using an existing SSH key exchange method together with GSSAPI, and having GSSAPI authenticate the output.

From PuTTY's initial implementation of GSS key exchange up to and including 0.77, PuTTY implemented only the originally standardised GSSAPI key exchange methods, all using integer Diffie-Hellman and SHA-1. But now we've added many more methods which were standardised later (RFC 8732):

Elliptic-curve Diffie-Hellman, using either the NIST curves or Curve25519;
Integer Diffie-Hellman with the same new fixed groups and hashes as just implemented in rfc8268-dh-groups;
Integer Diffie-Hellman with the already-available 2048-bit "group14" fixed group, but using SHA-256 as a hash function instead of SHA-1.

This brings the available set of GSSAPI-authenticated key exchange methods much closer to parity with those used for ordinary key exchange.

Neither SHA-1, nor small groups for integer Diffie-Hellman, will now be used unless the server doesn't support anything better.

If you want to comment on this web site, see the Feedback page.

Audit trail for this wish.

(last revision of this bug record was at 2022-10-28 17:29:14 +0100)