x/crypto/ssh: Support sha-2 family hash algorithms for key exchange (RFC 8268) #31731
Labels
Milestone
Comments
But why? There are a number of more modern kexes based on elliptic curves, which are faster to process and (AFAIK) as secure. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Feature Request: Add support for sha-2 family hash algorithms for key exchange (RFC 8268)
Due to concerns with SHA-1 and with MODP groups with less than 2048 bits, RFC 8268 suggests to add 5 new key exchange algorithms:
diffie-hellman-group14-sha256
diffie-hellman-group15-sha512
diffie-hellman-group16-sha512
diffie-hellman-group17-sha512
diffie-hellman-group18-sha512
Currently, non of these new key exchange algorithms is present in x/crypto/ssh. For
diffie-hellman-group14-sha256
the RFC states it SHOULD be supported to smooth the transition to newer group sizes.The text was updated successfully, but these errors were encountered: