Diffie-Hellman Overview

Diffie-Hellman (DH) is a public-key cryptography protocol that allows two parties to establish a shared secret over an insecure communications channel. Using this method, two computer users generate a shared private key with which they can then exchange information across that channel.

ExtremeXOS supports Diffie-Hellman groups 1, 14, 16, and 18 as part of the key exchange algorithms. In compliance with the Network Device collaborative Protection Profile (NDPP) of Common Criteria, the TSF (Target Security Function) ensures that diffie-hellman-group14-sha1 is the minimum key exchange method allowed for the SSH protocol.

By default, ExtremeXOS uses group 14 as the minimum supported Diffie-Hellman group, to avoid using the weaker Diffie-Hellman group 1 in an SSH server.
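
One way to verify the group 14 minimum from the network side is to read the key exchange methods an SSH server offers in its SSH_MSG_KEXINIT message (RFC 4253) and flag any fixed Diffie-Hellman group below 14. The following Python is an added example, not ExtremeXOS code or CLI; the function names are hypothetical, and the sample payload is constructed and holds only the KEXINIT type byte, cookie, and first name-list, without SSH packet framing.

```python
import re
import struct

SSH_MSG_KEXINIT = 20   # message number from RFC 4253, section 7.1
MIN_GROUP = 14         # minimum Diffie-Hellman group stated on this page
_FIXED_GROUP = re.compile(r"^diffie-hellman-group(\d+)-sha\d+$")


def kex_algorithms(payload: bytes) -> list[str]:
    """Return the kex_algorithms name-list from an SSH_MSG_KEXINIT payload."""
    # Layout: 1-byte type, 16-byte cookie, then uint32 length + comma-separated names.
    if len(payload) < 21 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    (length,) = struct.unpack_from(">I", payload, 17)
    names = payload[21:21 + length]
    if len(names) != length:
        raise ValueError("truncated kex_algorithms name-list")
    return names.decode("ascii").split(",") if names else []


def audit(payload: bytes, min_group: int = MIN_GROUP) -> dict[str, str]:
    """Classify each offered method as ok, weak, or not-fixed-group."""
    verdicts = {}
    for name in kex_algorithms(payload):
        match = _FIXED_GROUP.match(name)
        if not match:
            # Group-exchange, ECDH and similar methods carry no fixed group number.
            verdicts[name] = "not-fixed-group"
        elif int(match.group(1)) < min_group:
            verdicts[name] = "weak"
        else:
            verdicts[name] = "ok"
    return verdicts


def build_kexinit(names: list[str]) -> bytes:
    """Constructed sample: a KEXINIT payload cut off after the first name-list."""
    body = ",".join(names).encode("ascii")
    return bytes([SSH_MSG_KEXINIT]) + bytes(16) + struct.pack(">I", len(body)) + body


if __name__ == "__main__":
    sample = build_kexinit(["diffie-hellman-group14-sha1",
                            "diffie-hellman-group1-sha1",
                            "diffie-hellman-group16-sha512"])
    for name, verdict in audit(sample).items():
        print(f"{verdict:16} {name}")
```

A server that honors the group 14 minimum should produce no `weak` entries.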