WinSCP plugin - "Couldn't agree a key exchange algorithm"

Discussion of bugs and problems found in Altap Salamander. In your reports, please be as descriptive as possible, and report one incident per report. Do not post crash reports here, send us the generated bug report by email instead, please.
ivank
Posts: 2
Joined: 10 Aug 2020, 17:41

WinSCP plugin - "Couldn't agree a key exchange algorithm"

Post by ivank »

Hello,
after upgrading OpenSSL on the server to the version 1.1.1g 21 Apr 2020, there is no way to connect there with Altap's WinSCP plugin.

You can see the error message over here.
error.png
error.png (8.17 KiB) Viewed 532 times
Thank you,
Ivan
ivank
Posts: 2
Joined: 10 Aug 2020, 17:41

Re: WinSCP plugin - "Couldn't agree a key exchange algorithm"

Post by ivank »

Regarding of these pages https://github.blog/2017-02-27-crypto-d ... on-notice/ is diffie-hellman-group1-sha1 not safe.
The Logjam Attack research released in 2015 noted some key exchange algorithms were subject to an attack and should be disabled. In particular, they encouraged all system administrators to disable support for the diffie-hellman-group1-sha1 key exchange algorithm.
Also these pages https://tools.ietf.org/id/draft-ietf-cu ... ection.3.5 writing about diffie-hellman-group1-sha1.
This method uses [RFC7296] Oakley Group 2 (a 1024-bit MODP group) and SHA-1 [RFC3174]. Due to recent security concerns with SHA-1 [RFC6194] and with MODP groups with less than 2048 bits (see [LOGJAM] and [NIST-SP-800-131Ar1]), this method is considered insecure.
Is there any workaround?

Thank you,
Ivan K.
Post Reply