Comment 20 for bug 1287222

In , Petr (petr-redhat-bugs) wrote :

Both described issues - number of algorithms/ciphers/MACs and size of DH groups - are on the 3rd-party side and should be fixed there. There are workaround configurations described for openssh clients, so I would just document these issues and workaround configurations in a KNOWN ISSUES section in ssh(1) and other documentation.

(In reply to Till Maas from comment #4)
> You might also want to check whether a 128 bit symmetrical cipher works,
> since
> http://pkgs.fedoraproject.org/cgit/openssh.git/tree/openssh-6.3p1-increase-size-of-DF-groups.patch
> makes OpenSSH in Fedora use large DH parameters that other software might
> not yet support, see e.g. bug 1044586
>
> This shows that a 7680 bit DH parameter is used:
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<7680<8192)

Not only Fedora, it's the upstream change [1] which follows NIST Special Publication 800-57.

[1] https://anongit.mindrot.org/openssh.git/commit/?id=df62d71e64d29d1054e7a53d1a801075ef70335f