Supported cipher suites

From SEGGER Knowledge Base
Jump to navigation Jump to search

emSSH includes the most commonly used cipher suites, which allows connecting to nearly every popular SSH server or client.

Dynamically added cipher suites

Cipher suites are added to emSSH dynamically, at runtime, totally eliminating the nightmare of "configuration spaghetti" preprocessor symbols. When the required cipher suites are known, it is possible to create a minimal size configuration by not linking in unused algorithms.

The following cipher suites are available in emSSH:

Key exchange algorithms

  • curve25519-sha256
  • curve25519-sha256@libssh.org
  • rsa1024-sha1
  • rsa2048-sha256
  • ecdh-sha2-nistp256
  • ecdh-sha2-nistp384
  • ecdh-sha2-nistp521
  • diffie-hellman-group1-sha1
  • diffie-hellman-group14-sha1
  • diffie-hellman-group14-sha256
  • diffie-hellman-group16-sha512
  • diffie-hellman-group18-sha512
  • diffie-hellman-group14-sha224@ssh.com
  • diffie-hellman-group14-sha256@ssh.com
  • diffie-hellman-group15-sha256@ssh.com
  • diffie-hellman-group15-sha384@ssh.com
  • diffie-hellman-group16-sha384@ssh.com

Public key algorithms

  • ssh-ed25519
  • ecdsa-sha2-nistp256
  • ecdsa-sha2-nistp384
  • ecdsa-sha2-nistp521
  • ssh-rsa
  • ssh-rsa-sha224@ssh.com
  • ssh-rsa-sha256@ssh.com
  • ssh-rsa-sha384@ssh.com
  • ssh-rsa-sha512@ssh.com
  • ssh-dss
  • ssh-dss-sha256@ssh.com
  • rsa-sha2-256
  • rsa-sha2-512

Encryption algorithms

  • chacha20-poly1305@openssh.com
  • aes256-ctr
  • aes256-cbc
  • aes192-ctr
  • aes192-cbc
  • aes128-ctr
  • aes128-cbc
  • camellia256-ctr
  • camellia256-cbc
  • camellia192-ctr
  • camellia192-cbc
  • camellia128-ctr
  • camellia128-cbc
  • 3des-ctr
  • 3des-cbc
  • twofish256-cbc
  • twofish256-ctr
  • twofish192-cbc
  • twofish192-ctr
  • twofish128-cbc
  • twofish128-ctr
  • twofish-cbc
  • blowfish-ctr
  • blowfish-cbc
  • arcfour256
  • arcfour128
  • arcfour
  • cast128-ctr
  • cast128-cbc
  • aes128-gcm@openssh.com
  • aes256-gcm@openssh.com
  • rijndael-cbc@lysator.liu.se
  • seed-cbc@ssh.com

MAC algorithms

  • hmac-sha2-512
  • hmac-sha2-256
  • hmac-sha1
  • hmac-sha1-96
  • hmac-md5
  • hmac-md5-96
  • hmac-sha2-512-etm@openssh.com
  • hmac-sha2-256-etm@openssh.com
  • hmac-sha1-etm@openssh.com
  • hmac-sha1-96-etm@openssh.com
  • hmac-md5-etm@openssh.com
  • hmac-md5-96-etm@openssh.com
  • hmac-ripemd160@openssh.com
  • hmac-ripemd160-etm@openssh.com
  • hmac-sha224@ssh.com
  • hmac-sha256-2@ssh.com
  • hmac-sha384@ssh.com
  • hmac-sha512@ssh.com
Retrieved from "https://kb.segger.com/index.php?title=Supported_cipher_suites&oldid=21300"