Differences

This shows you the differences between the selected revisions of the page.

2016-03-28: ecdh is &beta_feature (martin)
2016-05-24: 5.8.3 Change: By default, warning is issued when using Diffie-Hellman group 1 key exchange algorithm. (martin)
Line 26: Line 26:
  * //ECDH//: elliptic curve Diffie-Hellman key exchange (&beta_feature).   * //ECDH//: elliptic curve Diffie-Hellman key exchange (&beta_feature).
-  * //Group 14//: Diffie-Hellman key exchange with a well-known 2048-bit group.  
-  * //Group 1//: Diffie-Hellman key exchange with a well-known 1024-bit group. This is less secure than group 14, but may be faster with slow client or server machines, and may be the only method supported by older server software.  
  * //Group exchange//: with this method, instead of using a fixed group, WinSCP requests that the server suggest a group to use for key exchange; the server can avoid groups known to be weak, and possibly invent new ones over time, without any changes required to WinSCP's configuration. We recommend use of this method, if possible.   * //Group exchange//: with this method, instead of using a fixed group, WinSCP requests that the server suggest a group to use for key exchange; the server can avoid groups known to be weak, and possibly invent new ones over time, without any changes required to WinSCP's configuration. We recommend use of this method, if possible.
 +  * //Group 14//: Diffie-Hellman key exchange with a well-known 2048-bit group.
  * //RSA key exchange//: this requires much less computational effort on the part of the client, and somewhat less on the part of the server, than Diffie-Hellman key exchange.   * //RSA key exchange//: this requires much less computational effort on the part of the client, and somewhat less on the part of the server, than Diffie-Hellman key exchange.
 +  * //Group 1//: Diffie-Hellman key exchange with a well-known 1024-bit group. This is less secure than group 14, but may be faster with slow client or server machines, and may be the only method supported by older server software.
If the first algorithm WinSCP finds is below the //warn below here// line, you will see a warning box when you make the connection, similar to that for [[ui_login_ssh#encryption_options|cipher selection]]. If the first algorithm WinSCP finds is below the //warn below here// line, you will see a warning box when you make the connection, similar to that for [[ui_login_ssh#encryption_options|cipher selection]].
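
Review bot: The relocated //Group 1// item (now last in the list, after //RSA key exchange//) still reads as a neutral trade-off ("may be faster with slow client or server machines") and never says that selecting it now produces a warning by default, which is what the 5.8.3 change summary announces. Consider appending a sentence to that item stating that from 5.8.3 on it sits below the //warn below here// line by default, so the list agrees with the closing paragraph about the warning box. The reorder itself is also unexplained in the visible text: if the list is meant to follow the default preference order, say so in a line above the list, otherwise moving //Group 14// below //Group exchange// looks arbitrary to a reader.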

Last modified: by martin