Home
 |
FAQ
 |
Feedback
 |
Licence
 |
Updates
 |
Mirrors
 |
Keys
 |
Links
 |
Team
Download:
Stable
 ·
Snapshot
 |
Docs
 |
Changes
 |
Wishlist
A combined cipher/MAC scheme using AES in a Galois Counter Mode (GCM) is defined for SSH by RFC 5647.
OpenSSH defines and implements its own versions, aes256-gcm@openssh.com and aes128-gcm@openssh.com (described in their protocol extension documentation), which use the same cryptography but avoid the badly-specified negotiation semantics in the RFC.
As of August 2022, PuTTY implements this - only the OpenSSH variants, so PuTTY won't use this cipher/MAC with SSH servers that only offer the unsuffixed aes256-gcm and aes128-gcm protocol IDs (if any such servers exist). (PuTTY's implementation makes basic use of processor cryptographic acceleration where available, although it could probably be improved upon.)