Back to FlowSsh Documentation

KeyExchangeAlgs Structure/Class

[C]

struct FlowSshC_ExitSignal
{
  byte m_ecdhSecp256k1;
  byte m_ecdhNistp512;
  byte m_ecdhNistp384;
  byte m_ecdhNistp256;
  byte m_dhGexSha256;
  byte m_dhGexSha1;
  byte m_dhG14Sha1;
  byte m_dhG1Sha1;
};

[C++]

struct KeyExchangeAlgs : public FlowSshC_KeyExchangeAlgs
{
  KeyExchangeAlgs()
  {
    m_ecdhSecp256k1 = 1;
    m_ecdhNistp512 = 1;
    m_ecdhNistp384 = 1;
    m_ecdhNistp256 = 1;
    m_dhGexSha256 = 0;
    m_dhGexSha1 = 0;
    m_dhG14Sha1 = 1;
    m_dhG1Sha1 = 0;
  }
};

[C#]

public sealed class KeyExchangeAlgs
{
  public byte EcdhSecp256k1;
  public byte EcdhNistp512;
  public byte EcdhNistp384;
  public byte EcdhNistp256;
  public byte DhGexSha256;
  public byte DhGexSha1;
  public byte DhG14Sha1;
  public byte DhG1Sha1;
  
  public KeyExchangeAlgs()
  {
    EcdhSecp256k1 = 1;
    EcdhNistp512 = 1;
    EcdhNistp384 = 1;
    EcdhNistp256 = 1;
    DhGexSha256 = 0;
    DhGexSha1 = 0;
    DhG14Sha1 = 1;
    DhG1Sha1 = 0;
  }
}

Members

  • EcdhSecp256k1: Priority of "ecdh-sha2-1.3.132.0.10".
  • EcdhNistp512: Priority of "ecdh-sha2-nistp521".
  • EcdhNistp384: Priority of "ecdh-sha2-nistp384".
  • EcdhNistp256: Priority of "ecdh-sha2-nistp256".
  • DhGexSha256: Priority of "diffie-hellman-group-exchange-sha256". This algorithm allows the server to choose a suitable size DH group for key exchange using SHA-1. Disabled by default for compatibility reasons: most servers do not generate dynamic groups that can be used with a FIPS cryptographic module.
  • DhGexSha1: Priority of "diffie-hellman-group-exchange-sha1". This algorithm allows the server to choose a suitable size DH group for key exchange using SHA-256. Disabled by default for compatibility reasons: most servers do not generate dynamic groups that can be used with a FIPS cryptographic module.
  • DhG14Sha1: Priority of "diffie-hellman-group14-sha1". This algorithm performs session key exchange with 2048-bit fixed group parameters.
  • DhG1Sha1: Priority of "diffie-hellman-group1-sha1". This algorithm performs session key exchange with 1024-bit fixed group parameters. Disabled by default for security reasons: 1024-bit fixed group parameters are now believed to be too small.

Remarks

The KeyExchangeAlgs structure/class is used to enable and prioritize, or disable, key exchange algorithms for the session. For member values, the following rules apply:

  • An algorithm is enabled if it holds a non-zero value.
  • Algorithms with lower non-zero values precede algorithms with higher values.
  • Algorithms holding the same non-zero value are ordered by their declaration order.

By default, all supported key exchange algorithms are enabled except DhGexSha256, DhGexSha1, and DhG1Sha1. They are ordered by their declaration order.