Petr Lautrbach <plautrba <at> redhat.com> writes: > > It was confirmed that openssh can't connect to the server with a server > string 'SSH-2.0-cryptlib' using diffie-hellman-group-exchange-sha1 and > 3des-cbc with SSH2_MSG_KEX_DH_GEX_REQUEST(1024<7680<8192). > > It's due to a issue in its code [1] which takes only requested value and > is limited only to 4096 bits. Setting aside 3DES's effective crypto strength and NIST guidelines, it's unfortunate cryptlib-based SSH servers don't follow RFC4419 recommendations: "The server should return the smallest group it knows that is larger than the size the client requested. If the server does not know a group that is larger than the client request, then it SHOULD return the largest group it knows. In all cases, the size of the returned group SHOULD be at least 1024 bits." Have you asked them what exceptional circumstances (cf. RFC2119) justify the deviation? --mancha
