WinSCP plugin - "Couldn't agree a key exchange algorithm"

Discussion of bugs and problems found in Altap Salamander. In your reports, please be as descriptive as possible, and report one incident per report. Do not post crash reports here, send us the generated bug report by email instead, please.
ivank
Posts: 2
Joined: 10 Aug 2020, 17:41

WinSCP plugin - "Couldn't agree a key exchange algorithm"

Post by ivank »

Hello,
after upgrading OpenSSL on the server to the version 1.1.1g 21 Apr 2020, there is no way to connect there with Altap's WinSCP plugin.

You can see the error message over here.
error.png
error.png (8.17 KiB) Viewed 949 times
Thank you,
Ivan
ivank
Posts: 2
Joined: 10 Aug 2020, 17:41

Re: WinSCP plugin - "Couldn't agree a key exchange algorithm"

Post by ivank »

Regarding of these pages https://github.blog/2017-02-27-crypto-d ... on-notice/ is diffie-hellman-group1-sha1 not safe.
The Logjam Attack research released in 2015 noted some key exchange algorithms were subject to an attack and should be disabled. In particular, they encouraged all system administrators to disable support for the diffie-hellman-group1-sha1 key exchange algorithm.
Also these pages https://tools.ietf.org/id/draft-ietf-cu ... ection.3.5 writing about diffie-hellman-group1-sha1.
This method uses [RFC7296] Oakley Group 2 (a 1024-bit MODP group) and SHA-1 [RFC3174]. Due to recent security concerns with SHA-1 [RFC6194] and with MODP groups with less than 2048 bits (see [LOGJAM] and [NIST-SP-800-131Ar1]), this method is considered insecure.
Is there any workaround?

Thank you,
Ivan K.
User avatar
tukanos
Posts: 362
Joined: 21 Dec 2005, 19:14

Re: WinSCP plugin - "Couldn't agree a key exchange algorithm"

Post by tukanos »

Well the issue is for both OpenSSL and OpenSSH. OpenSSH will block rsa-sha1 in near future too.

I think the only way is to get a new *winscp.spl* addon library from the developers, which would support the new key exchange algorithm. Since there is currently no official support or source codes, you can only ask the former developers to compile it for us or publish the source code.
User avatar
crystalidea
Posts: 204
Joined: 09 Dec 2005, 15:13
Contact:

Re: WinSCP plugin - "Couldn't agree a key exchange algorithm"

Post by crystalidea »

Same problem with Ubuntu 20.04
Post Reply