WinSCP plugin - "Couldn't agree a key exchange algorithm"

Discussion of bugs and problems found in Altap Salamander. In your reports, please be as descriptive as possible, and report one incident per report. Do not post crash reports here, send us the generated bug report by email instead, please.
ivank
Posts: 2
Joined: 10 Aug 2020, 17:41

WinSCP plugin - "Couldn't agree a key exchange algorithm"

Post by ivank »

Hello,
after upgrading OpenSSL on the server to the version 1.1.1g 21 Apr 2020, there is no way to connect there with Altap's WinSCP plugin.

You can see the error message over here.
error.png
error.png (8.17 KiB) Viewed 17259 times
Thank you,
Ivan
ivank
Posts: 2
Joined: 10 Aug 2020, 17:41

Re: WinSCP plugin - "Couldn't agree a key exchange algorithm"

Post by ivank »

Regarding of these pages https://github.blog/2017-02-27-crypto-d ... on-notice/ is diffie-hellman-group1-sha1 not safe.
The Logjam Attack research released in 2015 noted some key exchange algorithms were subject to an attack and should be disabled. In particular, they encouraged all system administrators to disable support for the diffie-hellman-group1-sha1 key exchange algorithm.
Also these pages https://tools.ietf.org/id/draft-ietf-cu ... ection.3.5 writing about diffie-hellman-group1-sha1.
This method uses [RFC7296] Oakley Group 2 (a 1024-bit MODP group) and SHA-1 [RFC3174]. Due to recent security concerns with SHA-1 [RFC6194] and with MODP groups with less than 2048 bits (see [LOGJAM] and [NIST-SP-800-131Ar1]), this method is considered insecure.
Is there any workaround?

Thank you,
Ivan K.
User avatar
tukanos
Posts: 410
Joined: 21 Dec 2005, 19:14

Re: WinSCP plugin - "Couldn't agree a key exchange algorithm"

Post by tukanos »

Well the issue is for both OpenSSL and OpenSSH. OpenSSH will block rsa-sha1 in near future too.

I think the only way is to get a new *winscp.spl* addon library from the developers, which would support the new key exchange algorithm. Since there is currently no official support or source codes, you can only ask the former developers to compile it for us or publish the source code.
User avatar
crystalidea
Posts: 205
Joined: 09 Dec 2005, 15:13
Contact:

Re: WinSCP plugin - "Couldn't agree a key exchange algorithm"

Post by crystalidea »

Same problem with Ubuntu 20.04
User avatar
tukanos
Posts: 410
Joined: 21 Dec 2005, 19:14

Re: WinSCP plugin - "Couldn't agree a key exchange algorithm"

Post by tukanos »

crystalidea wrote: 21 Nov 2020, 23:32 Same problem with Ubuntu 20.04
The issue will be everywhere till new spl will be provided.
User avatar
tukanos
Posts: 410
Joined: 21 Dec 2005, 19:14

Re: WinSCP plugin - "Couldn't agree a key exchange algorithm"

Post by tukanos »

The solution is to use the TC sftp plugin.
Tigerente
Posts: 14
Joined: 04 Jan 2023, 10:47

Re: WinSCP plugin - "Couldn't agree a key exchange algorithm"

Post by Tigerente »

tukanos wrote: 19 Feb 2021, 09:25 The solution is to use the TC sftp plugin.
Yes, YMMD! Thank you. :)
Post Reply