Casio Naurtech CETerm Ver.5.5 User Manual User Manual
Page 49
N
AURTECH
E
MULATORS
&
W
EB
B
ROWSER FOR
W
INDOWS
CE
/
W
INDOWS
M
OBILE
CETerm | CE3270 | CE5250 | CEVT220
Page 49
CETerm supplies a preference order intended to reflect a reasonable preference
in terms of security and speed.
In SSH-2, the encryption algorithm is negotiated independently for each direction
of the connection, although CETerm does not support separate configuration of
the preference orders. As a result you may get two warnings similar to the one
above, possibly with different encryptions.
Any algorithms below the ―* ignore following *‖ selection are not used and
ignored by CETerm.
NOTE: Single-DES is not recommended in the SSH-2 draft protocol standards,
but one or two server implementations do support it.
Diffie-Hellman Key Exchange Priority: Key exchange occurs at the start of an
SSH connection (and occasionally thereafter, depending upon your settings in
the SSH General tab); it establishes a shared secret that is used as the basis for
all of SSH security features. It is therefore very important for the security of the
connection that the key exchange is secure.
Key exchange is a cryptographically intensive process; if either the client or the
server is a relatively slow machine, the slower methods may take several tens of
seconds to complete.
NOTE: If connection startup is too slow, or the connection hangs periodically, you
may want to try changing these settings. If you don't understand what any of this
means, it's safe to leave these settings alone.
CETerm supports a variety of SSH-2 key exchange methods, and allows you to
choose which one you prefer to use. This configuration is similar to encryption
algorithm cipher selection. CETerm currently supports the following varieties of
Diffie-Hellman key exchange:
D
–H Group exchange: with this method, instead of using a fixed group,
CETerm requests that the server suggest a group to use for key
exchange; the server can avoid groups known to be weak, and possibly
invent new ones over time, without any changes required to CETerm's
configuration. We recommend use of this method, if possible.
D
–H Group 14: a well-known 2048-bit group.
D
–H Group 1: a well-known 1024-bit group. This is less secure than
group 14, but may be faster with slow client or server machines, and may
be the only method supported by older server software.
If the first algorithm CETerm finds is
below the ―* warn below here*‖ line, you will
see a warning box when you make the connection, similar to the one discussed
in the previous (encryption priority selection) configuration.