Differences

2016-05-24: 5.8.3 Change: By default, warning is issued when using Diffie-Hellman group 1 key exchange algorithm. (martin)
2016-05-24: updating from putty doc (martin)
Line 26: Line 26:
  * //ECDH//: elliptic curve Diffie-Hellman key exchange (&beta_feature).   * //ECDH//: elliptic curve Diffie-Hellman key exchange (&beta_feature).
-  * //Group exchange//: with this method, instead of using a fixed group, WinSCP requests that the server suggest a group to use for key exchange; the server can avoid groups known to be weak, and possibly invent new ones over time, without any changes required to WinSCP's configuration. We recommend use of this method, if possible.+  * //Group exchange//: with this method, instead of using a fixed group, WinSCP requests that the server suggest a group to use for key exchange; the server can avoid groups known to be weak, and possibly invent new ones over time, without any changes required to WinSCP's configuration. We recommend use of this method instead of the well-known groups, if possible.
  * //Group 14//: Diffie-Hellman key exchange with a well-known 2048-bit group.   * //Group 14//: Diffie-Hellman key exchange with a well-known 2048-bit group.
  * //RSA key exchange//: this requires much less computational effort on the part of the client, and somewhat less on the part of the server, than Diffie-Hellman key exchange.   * //RSA key exchange//: this requires much less computational effort on the part of the client, and somewhat less on the part of the server, than Diffie-Hellman key exchange.
-  * //Group 1//: Diffie-Hellman key exchange with a well-known 1024-bit group. This is less secure than group 14, but may be faster with slow client or server machines, and may be the only method supported by older server software.·+  * //Group 1//: Diffie-Hellman key exchange with a well-known 1024-bit group. We no longer recommend using this method, and it's not used by default; however, it may be the only method supported by very old server software.
If the first algorithm WinSCP finds is below the //warn below here// line, you will see a warning box when you make the connection, similar to that for [[ui_login_ssh#encryption_options|cipher selection]]. If the first algorithm WinSCP finds is below the //warn below here// line, you will see a warning box when you make the connection, similar to that for [[ui_login_ssh#encryption_options|cipher selection]].
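Review bot: In the new //Group 1// item, "it's not used by default" is ambiguous next to the 5.8.3 change summary shown above the diff, which says a warning is issued by default when group 1 is used, and next to the unchanged paragraph after the list, under which an algorithm below the //warn below here// line is still selected and only triggers a warning box. Suggest stating the default precisely, for example that group 1 is placed below the //warn below here// line by default, so a reader does not conclude that a connection can never end up on the 1024-bit group. The same item could also say that the warning is the point at which to stop and check whether the server can be upgraded, since the text now says the method is no longer recommended.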

Last modified: by martin