
KeyExchangeAlgs Structure/Class

[C]

struct FlowSshC_KeyExchangeAlgs
{
  byte m_curve25519;
  byte m_ecdhSecp256k1;
  byte m_ecdhNistp512;
  byte m_ecdhNistp384;
  byte m_ecdhNistp256;
  
  unsigned int m_gexBitsMin;
  unsigned int m_gexBitsOpt;
  unsigned int m_gexBitsMax;
  
  byte m_dhG16Sha512;
  byte m_dhG15Sha512;
  byte m_dhG14Sha256;
  byte m_dhG14Sha1;
  byte m_dhG1Sha1;
  byte m_dhGexSha256;
  byte m_dhGexSha1;
};

[C++]

struct KeyExchangeAlgs : public FlowSshC_KeyExchangeAlgs
{
  KeyExchangeAlgs()
  {
    m_curve25519 = 1;
    m_ecdhSecp256k1 = 1;
    m_ecdhNistp512 = 1;
    m_ecdhNistp384 = 1;
    m_ecdhNistp256 = 1;
    
    m_gexBitsMin = 0;
    m_gexBitsOpt = 0;
    m_gexBitsMax = 0;
    
    m_dhG16Sha512 = 1;
    m_dhG15Sha512 = 1;
    m_dhG14Sha256 = 1;
    m_dhG14Sha1 = 1;
    m_dhG1Sha1 = 0;
    m_dhGexSha256 = 1;
    m_dhGexSha1 = 0;  // disabled by default (SHA-1), matching the Members notes and the C# constructor
  }
};

[C#]

public sealed class KeyExchangeAlgs
{
  public Byte Curve25519;
  public Byte EcdhSecp256k1;
  public Byte EcdhNistp512;
  public Byte EcdhNistp384;
  public Byte EcdhNistp256;
  
  public UInt32 GexBitsMin;
  public UInt32 GexBitsOpt;
  public UInt32 GexBitsMax;
  
  public Byte DhG16Sha512;
  public Byte DhG15Sha512;
  public Byte DhG14Sha256;
  public Byte DhG14Sha1;
  public Byte DhG1Sha1;
  public Byte DhGexSha256;
  public Byte DhGexSha1;
  
  public KeyExchangeAlgs()
  {
    Curve25519 = 1;
    EcdhSecp256k1 = 1;
    EcdhNistp512 = 1;
    EcdhNistp384 = 1;
    EcdhNistp256 = 1;
    
    GexBitsMin = 0;
    GexBitsOpt = 0;
    GexBitsMax = 0;
    
    DhG16Sha512 = 1;
    DhG15Sha512 = 1;
    DhG14Sha256 = 1;
    DhG14Sha1 = 1;
    DhG1Sha1 = 0;
    DhGexSha256 = 1;
    DhGexSha1 = 0;
  }
}

Members

  • Curve25519: Priority of "curve25519-sha256" and "curve25519-sha256@libssh.org".
  • EcdhSecp256k1: Priority of "ecdh-sha2-1.3.132.0.10".
  • EcdhNistp512: Priority of "ecdh-sha2-nistp521".
  • EcdhNistp384: Priority of "ecdh-sha2-nistp384".
  • EcdhNistp256: Priority of "ecdh-sha2-nistp256".
  • GexBitsMin: Minimum requested size of group parameters if using one of the Diffie-Hellman key exchange methods with group exchange. Pass zero to use a default value preferred by your version of FlowSsh.
  • GexBitsOpt: Optimum requested size of group parameters if using one of the Diffie-Hellman key exchange methods with group exchange. Pass zero to use a default value preferred by your version of FlowSsh.
  • GexBitsMax: Maximum requested size of group parameters if using one of the Diffie-Hellman key exchange methods with group exchange. Pass zero to use a default value preferred by your version of FlowSsh.
  • DhG16Sha512: Priority of "diffie-hellman-group16-sha512". This algorithm performs session key exchange with 4096-bit fixed group parameters using SHA-2 512 hashing.
  • DhG15Sha512: Priority of "diffie-hellman-group15-sha512". This algorithm performs session key exchange with 3072-bit fixed group parameters using SHA-2 512 hashing.
  • DhG14Sha256: Priority of "diffie-hellman-group14-sha256". This algorithm performs session key exchange with 2048-bit fixed group parameters using SHA-2 256 hashing.
  • DhG14Sha1: Priority of "diffie-hellman-group14-sha1". This algorithm performs session key exchange with 2048-bit fixed group parameters using SHA-1 hashing. Despite its use of SHA-1, it continues to be enabled by default for compatibility reasons.
  • DhG1Sha1: Priority of "diffie-hellman-group1-sha1". This algorithm performs session key exchange with 1024-bit fixed group parameters. Disabled by default for security reasons: 1024-bit fixed group parameters are now believed to be too small.
  • DhGexSha256: Priority of "diffie-hellman-group-exchange-sha256". This algorithm allows the server to choose a suitably sized DH group for key exchange using SHA-256 hashing. The GexBits... parameters are used to choose the size of the group.
  • DhGexSha1: Priority of "diffie-hellman-group-exchange-sha1". This algorithm allows the server to choose a suitably sized DH group for key exchange using SHA-1 hashing. The GexBits... parameters are used to choose the size of the group. Disabled by default for security reasons: SHA-1 is no longer recommended, and a SHA-256 version of this key exchange method is usually available.

Remarks

The KeyExchangeAlgs structure/class is used to enable and prioritize, or disable, key exchange algorithms for the session. For member values, the following rules apply:

  • An algorithm is enabled if it holds a non-zero value.
  • Algorithms with lower non-zero values precede algorithms with higher values.
  • Algorithms holding the same non-zero value are ordered by their declaration order.
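
The three rules above, worked through as an added example (not FlowSsh code): it computes the preference order that a given set of member values produces, for a profile with every SHA-1 method disabled. KexAlgsStandIn, KexEntry, EffectiveOrder and Sha1FreeProfile are hypothetical names; the stand-in mirrors the member names of the [C] listing so the example compiles without the FlowSsh headers, and it assumes ties follow the struct's declaration order. The priorities and GexBits sizes are constructed sample values.

```cpp
#include <algorithm>
#include <string>
#include <vector>

typedef unsigned char byte;

// Hypothetical stand-in with the member names of the [C] listing. Everything
// starts at zero, so the result never depends on library defaults.
struct KexAlgsStandIn {
  byte m_curve25519 = 0, m_ecdhSecp256k1 = 0, m_ecdhNistp512 = 0,
       m_ecdhNistp384 = 0, m_ecdhNistp256 = 0;
  unsigned int m_gexBitsMin = 0, m_gexBitsOpt = 0, m_gexBitsMax = 0;
  byte m_dhG16Sha512 = 0, m_dhG15Sha512 = 0, m_dhG14Sha256 = 0, m_dhG14Sha1 = 0,
       m_dhG1Sha1 = 0, m_dhGexSha256 = 0, m_dhGexSha1 = 0;
};

struct KexEntry { const char* name; byte prio; };

// Remarks rules: zero means disabled, lower values first, ties keep declaration order.
std::vector<std::string> EffectiveOrder(const KexAlgsStandIn& a) {
  std::vector<KexEntry> v = {  // listed in the struct's declaration order (assumed tie-break)
    {"curve25519-sha256", a.m_curve25519},
    {"ecdh-sha2-1.3.132.0.10", a.m_ecdhSecp256k1},
    {"ecdh-sha2-nistp521", a.m_ecdhNistp512},
    {"ecdh-sha2-nistp384", a.m_ecdhNistp384},
    {"ecdh-sha2-nistp256", a.m_ecdhNistp256},
    {"diffie-hellman-group16-sha512", a.m_dhG16Sha512},
    {"diffie-hellman-group15-sha512", a.m_dhG15Sha512},
    {"diffie-hellman-group14-sha256", a.m_dhG14Sha256},
    {"diffie-hellman-group14-sha1", a.m_dhG14Sha1},
    {"diffie-hellman-group1-sha1", a.m_dhG1Sha1},
    {"diffie-hellman-group-exchange-sha256", a.m_dhGexSha256},
    {"diffie-hellman-group-exchange-sha1", a.m_dhGexSha1}};
  v.erase(std::remove_if(v.begin(), v.end(),
                         [](const KexEntry& e) { return e.prio == 0; }), v.end());
  std::stable_sort(v.begin(), v.end(),
                   [](const KexEntry& x, const KexEntry& y) { return x.prio < y.prio; });
  std::vector<std::string> out;
  for (const KexEntry& e : v) out.push_back(e.name);
  return out;
}

// Constructed sample profile: SHA-1 methods stay at zero, curve25519 is preferred.
KexAlgsStandIn Sha1FreeProfile() {
  KexAlgsStandIn a;
  a.m_curve25519 = 1;
  a.m_ecdhSecp256k1 = a.m_ecdhNistp512 = a.m_ecdhNistp384 = a.m_ecdhNistp256 = 2;
  a.m_dhGexSha256 = 3;
  a.m_dhG16Sha512 = a.m_dhG15Sha512 = 4;
  a.m_dhG14Sha256 = 5;
  a.m_gexBitsMin = 2048; a.m_gexBitsOpt = 3072; a.m_gexBitsMax = 8192;  // sample sizes
  return a;
}
```

Setting every member explicitly, as this profile does, keeps the negotiated list stable across FlowSsh versions whose defaults differ.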