Georgia SoftWorks

Specify Key Exchange Algorithms

Select SSH Server KEX Key Exchange Algorithms

Specify the Key Exchange algorithms available to the server that are offered to the client. The Key Exchange algorithms are offered to the client in the server’s default order unless specified. The default order will vary from release to release to deliver the best blend of security and performance. Specify the ciphers that the server can offer to the client by modifying the registry key szKexAlgoritms.

The key is:

The following is the default list for Key Exchange Algorithms.
curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

The following is the list and order of all Key Exchange Algorithms available.
ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1Page

The list of Key Exchange Algorithms does not vary based the Enable/Disable value for FIPS 140-2 option.

The following is the procedure to change the registry key to specify the Key Exchange Algorithms available to the client.
1. Click the Start button at the bottom left corner of your screen
2. Click RUN
3. Type REGEDIT
4. Click OK
5. Select Registry Key:

6. Select the menu item Edit and then click on Modify
7. Enter the new value for the szKexAlgoritms and click OK

Watch How to Specify Key Exchange Algorithms

Your browser doesn't support HTML5 video.

The new value will take effect when the GSW SSHD service is restarted

Back to SSH Server FAQ

Document Number: FAQ-SSH-EX017001081519