From cabbe717d3d18ba1f6904fa9838b395ca2d08b22 Mon Sep 17 00:00:00 2001
From: Joe Testa <jtesta@positronsecurity.com>
Date: Tue, 30 Jun 2020 22:58:28 -0400
Subject: [PATCH] Added 'diffie-hellman-group1-sha256' kex.

---
 README.md    | 5 +++--
 ssh-audit.py | 2 +-
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 2cb9677..e375d13 100644
--- a/README.md
+++ b/README.md
@@ -78,8 +78,9 @@ $ brew install ssh-audit
  - 1024-bit moduli upgraded from warnings to failures.
  - Many Python 2 code clean-ups, testing framework improvements, pylint & flake8 fixes, and mypy type comments; credit [Jürgen Gmach](https://github.com/jugmac00)).
  - Suppress recommendation of token host key types.
- - Added 1 new host key types: `ssh-rsa1`.
- - Added 1 new ciphers: `blowfish`, `AEAD_AES_128_GCM`, `AEAD_AES_256_GCM`.
+ - Added 1 new host key type: `ssh-rsa1`.
+ - Added 1 new key exchange: `diffie-hellman-group1-sha256`.
+ - Added 3 new ciphers: `blowfish`, `AEAD_AES_128_GCM`, `AEAD_AES_256_GCM`.
  - Added 2 new MACs: `chacha20-poly1305@openssh.com`, `hmac-sha3-224`.
 
 ### v2.2.0 (2020-03-11)
diff --git a/ssh-audit.py b/ssh-audit.py
index e4dfa4c..eb6c583 100755
--- a/ssh-audit.py
+++ b/ssh-audit.py
@@ -660,7 +660,7 @@ class SSH2:  # pylint: disable=too-few-public-methods
                 'gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==': [[], [], [WARN_HASH_WEAK]],
                 'gss-group14-sha256-toWM5Slw5Ew8Mqkay+al2g==': [[]],
                 'gss-group15-sha512-toWM5Slw5Ew8Mqkay+al2g==': [[]],
-                'diffie-hellman-group1-sha256': [[], ],
+                'diffie-hellman-group1-sha256': [[], [FAIL_1024BIT_MODULUS]],
                 'diffie-hellman-group14-sha1': [['3.9,d0.53,l10.6.0'], [], [WARN_HASH_WEAK]],
                 'diffie-hellman-group14-sha256': [['7.3,d2016.73']],
                 'diffie-hellman-group14-sha256@ssh.com': [[]],