Hi everyone,

We are using libssh2 as the connection layer in one of our products and it has been working well. However, recently some customers have had trouble connecting to some hosts (e.g. newer Cisco routers) because key exchange negotiation fails.

Some fail because there is no overlap in the supported key exchange algorithms. In order to connect, the customer has to explicitly enable a deprecated algorithm on their hosts (diffie-hellman-group1-sha1). These customers would like us to support diffie-hellman-group14-sha256. We see that diffie-hellman-group14-sha256 support has recently been added to libssh2 but that it is not yet in any release. Does anyone know when an official release containing this key exchange algorithm will be available?

Some other connections fail because LIBSSH2_DH_GEX_MAXGROUP is too small. These customers' machines reject values lower than 4096 by default but libssh2 only offers the range from 1024 to 2048. Do you have any plans to raise the MAXGROUP value? OpenSSH has a min/max range of 2048/8192 so perhaps that could be adopted in libssh2.

Thanks for all your hard work in making libssh2, we really appreciate it.

Cheers,
Mitchell
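An added illustration, not part of the original message and not libssh2 code: a simplified C model of the two failures described above, algorithm selection as in RFC 4253 section 7.1 and the group-size range check of RFC 4419 group exchange. The function names `kex_negotiate` and `gex_pick`, the sample algorithm lists and the server range 4096..8192 are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* RFC 4253 sec. 7.1 (simplified): the first name in the client's
 * comma-separated list that the server also lists is chosen.
 * Returns 1 and copies the name to out, or 0 when there is no overlap. */
static int kex_negotiate(const char *client, const char *server,
                         char *out, size_t outlen)
{
    const char *c = client;
    while (*c) {
        size_t clen = strcspn(c, ",");
        const char *s = server;
        while (*s) {
            size_t slen = strcspn(s, ",");
            if (clen && clen == slen && clen < outlen &&
                memcmp(c, s, clen) == 0) {
                memcpy(out, c, clen);
                out[clen] = '\0';
                return 1;
            }
            s += slen + (s[slen] == ',');
        }
        c += clen + (c[clen] == ',');
    }
    return 0;
}

/* Group exchange (simplified model): each side has a smallest and largest
 * group size in bits that it accepts. Returns the largest size inside both
 * ranges, or 0 when the ranges do not intersect. */
static unsigned gex_pick(unsigned cmin, unsigned cmax,
                         unsigned smin, unsigned smax)
{
    unsigned lo = cmin > smin ? cmin : smin;
    unsigned hi = cmax < smax ? cmax : smax;
    return lo <= hi ? hi : 0;
}

int main(void)
{
    char name[64];
    /* Constructed lists: client without group14-sha256, host that only
     * accepts group14-sha256. */
    if (!kex_negotiate("diffie-hellman-group14-sha1,diffie-hellman-group1-sha1",
                       "diffie-hellman-group14-sha256", name, sizeof name))
        puts("no common kex algorithm");
    /* Client range 1024..2048 (from the post); server 4096..8192 (assumed). */
    printf("gex group: %u\n", gex_pick(1024, 2048, 4096, 8192));
    return 0;
}
```

With the 2048/8192 client range mentioned in the post, the same server range intersects and a group size is returned.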