PuTTY wish aes-gcm

This is a mirror. Follow this link to find the primary PuTTY web site.

Home | FAQ | Feedback | Licence | Updates | Mirrors | Keys | Links | Team
Download: Stable · Snapshot | Docs | Changes | Wishlist

summary: AES Galois Counter Mode (GCM) ciphers for SSH
class: wish: This is a request for an enhancement.
difficulty: tricky: Needs many tuits.
priority: low: We aren't sure whether to fix this or not.
fixed-in: c1a2114b28125572cf54c393bd51a6a39c4f00bd (0.78)

A combined cipher/MAC scheme using AES in a Galois Counter Mode (GCM) is defined for SSH by RFC 5647.

OpenSSH defines and implements its own versions, aes256-gcm@openssh.com and aes128-gcm@openssh.com (described in their protocol extension documentation), which use the same cryptography but avoid the badly-specified negotiation semantics in the RFC.

As of August 2022, PuTTY implements this - only the OpenSSH variants, so PuTTY won't use this cipher/MAC with SSH servers that only offer the unsuffixed aes256-gcm and aes128-gcm protocol IDs (if any such servers exist). (PuTTY's implementation makes basic use of processor cryptographic acceleration where available, although it could probably be improved upon.)

If you want to comment on this web site, see the Feedback page.
Audit trail for this wish.
(last revision of this bug record was at 2022-09-11 23:46:37 +0100)