MySQL Connector/NET Developer Guide
This section includes the approved, deprecated, and invalid sets of SSH ciphers maintained by Connector/NET. The inclusion of ciphers and algorithms in the various lists can change over time.
Approved SSH ciphers and algorithms by category include:
Encryptions
aes128-ctr
aes192-ctr
aes256-ctr
Host Key Algorithms
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
ssh-ed25519
Key Exchange Algorithms
diffie-hellman-group-exchange-sha256
Keyed Hash Message Authentication Codes
hmac-sha2-256
hmac-sha2-256-96
hmac-sha2-512
hmac-sha2-512-96
Deprecated SSH ciphers and algorithms are available for legacy and interoperability purposes only. These items are subject to gradual phaseout (see Invalid SSH Ciphers).
The current set of deprecated ciphers and algorithms by category are:
Encryptions
aes128-cbc
aes192-cbc
aes256-cbc
Host Key Algorithms
ssh-rsa
Key Exchange Algorithms
diffie-hellman-group14-sha1
Keyed Hash Message Authentication Codes
hmac-sha1
The following SSH ciphers and algorithms (by category) are no longer permitted:
Encryptions
3des-cbc
arcfour
arcfour128
arcfour256
blowfish-cbc
cast128-cbc
twofish-cbc
twofish192-cbc
twofish128-cbc
twofish256-cbc
Host Key Algorithms
ssh-dss
Key Exchange Algorithms
diffie-hellman-group-exchange-sha1
diffie-hellman-group1-sha1
Keyed Hash Message Authentication Codes
hmac-md5
hmac-md5-96
hmac-ripemd160
hmac-ripemd160@openssh.com
hmac-sha1-96