Hi John, The short answer is YES. Jon DeVree <nuxi@xxxxxxxxxxx> writes: > I ask because the removal of diffie-hellman-group-exchange-sha1 happened > accidently in 7.8 due to a mistake in a change to readconf.c. I noticed > this and filed a bug about it along with a patch to fix readconf.c to use > KEX_CLIENT_* like it used to: The diffie-hellman-group-exchange-sha1 is an optional key exchange method provided by RFC4419 and updated by RFC8270. Support for it is not required and may (and in my opinion should) be disabled by default without any impact to the SSHv2 protocol. The only two Mandatory To Implement (MTI) key exchange methods are those in RFC3253 (diffie-hellman-group1-sha1 and diffie-hellman-group14-sha1). Even though they are MTIs, that just means you need to be able configure them, there is no mandatory requirement that a given installation enable them by default. Enjoy! -- Mark _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
