Page 1 of 1

WinSCP plugin - "Couldn't agree a key exchange algorithm"

Posted: 10 Aug 2020, 17:55
by ivank
Hello,
after upgrading OpenSSL on the server to the version 1.1.1g 21 Apr 2020, there is no way to connect there with Altap's WinSCP plugin.

You can see the error message over here.
error.png
error.png (8.17 KiB) Viewed 1217 times
Thank you,
Ivan

Re: WinSCP plugin - "Couldn't agree a key exchange algorithm"

Posted: 16 Sep 2020, 23:02
by ivank
Regarding of these pages https://github.blog/2017-02-27-crypto-d ... on-notice/ is diffie-hellman-group1-sha1 not safe.
The Logjam Attack research released in 2015 noted some key exchange algorithms were subject to an attack and should be disabled. In particular, they encouraged all system administrators to disable support for the diffie-hellman-group1-sha1 key exchange algorithm.
Also these pages https://tools.ietf.org/id/draft-ietf-cu ... ection.3.5 writing about diffie-hellman-group1-sha1.
This method uses [RFC7296] Oakley Group 2 (a 1024-bit MODP group) and SHA-1 [RFC3174]. Due to recent security concerns with SHA-1 [RFC6194] and with MODP groups with less than 2048 bits (see [LOGJAM] and [NIST-SP-800-131Ar1]), this method is considered insecure.
Is there any workaround?

Thank you,
Ivan K.

Re: WinSCP plugin - "Couldn't agree a key exchange algorithm"

Posted: 01 Oct 2020, 11:17
by tukanos
Well the issue is for both OpenSSL and OpenSSH. OpenSSH will block rsa-sha1 in near future too.

I think the only way is to get a new *winscp.spl* addon library from the developers, which would support the new key exchange algorithm. Since there is currently no official support or source codes, you can only ask the former developers to compile it for us or publish the source code.

Re: WinSCP plugin - "Couldn't agree a key exchange algorithm"

Posted: 21 Nov 2020, 23:32
by crystalidea
Same problem with Ubuntu 20.04

Re: WinSCP plugin - "Couldn't agree a key exchange algorithm"

Posted: 04 Jan 2021, 09:47
by tukanos
crystalidea wrote: 21 Nov 2020, 23:32 Same problem with Ubuntu 20.04
The issue will be everywhere till new spl will be provided.