Skip to main content

Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH)

The information below is for an old version of the document.
Document Type This is an older version of an Internet-Draft that was ultimately published as an RFC.
Author Mark D. Baushke
Last updated 2017-03-27 (Latest revision 2016-09-20)
Replaces draft-baushke-ssh-dh-group-sha2
Stream Internet Engineering Task Force (IETF)
Expired & archived
OPSDIR Last Call Review Incomplete, due 2021-02-24
Stream WG state WG Document
Document shepherd (None)
IESG IESG state Expired
Consensus boilerplate Unknown
Telechat date (None)
Responsible AD (None)
Send notices to (None)
This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at:


This document adds recommendations for adoption of ssh-curves from the [I-D.ietf-curdle-ssh-curves] and new-modp from the [I-D.ietf-curdle-ssh-modp-dh-sha2], and deprecates some previously specified Key Exchange Method algorithm names for the Secure Shell (SSH) protocol. It also updates [RFC4253], [RFC4419], [RFC4462], and [RFC5656] by specifying the set key exchange algorithms that currently exist and which ones MUST, SHOULD, MAY, and SHOULD NOT be implemented. New key exchange methods use the SHA-2 family of hashes.


Mark D. Baushke

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)