We have a number of customers who are complaining Serv-U is using Key Exchange methods that are obsolete. As confirmed by case 1210846 your product can no longer be considered secure due to only supporting SHA1 for this, especially the diffie-hellman-group1-sha1 method. Security researchers have been warning about this now for many years and major vendors have removed support from their products.
Can we please get a Key Exchange Method implemented that any security researcher would now consider not just best practice but should be normal practice?
