improve doc, reorder default Kex

README.md

@@ -109,7 +109,7 @@ Current hardcoded values:
 * Hostkeys are writed to: `hostkey.pem` or `hostkey.ser` in `${sftp.home}/keys/` directory
 * SecurityManager/Policy File is in `conf/${ID}/sftpd.policy` (custom) or `lib/sftpd.policy` (generic)
 * Htpasswd File is in `conf/${ID}/htpasswd` (custom) or `conf/htpasswd` (generic)
-* Default KexAlgorithms: `ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group14-sha1`
+* Default KexAlgorithms: `diffie-hellman-group14-sha256, diffie-hellman-group16-sha512, diffie-hellman-group-exchange-sha256, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group14-sha1`
 * Default Ciphers: `aes128-ctr, aes192-ctr, aes256-ctr`
 * Default MACs: `[email protected], [email protected], [email protected], hmac-sha2-256, hmac-sha2-512, hmac-sha1`
 

src/main/java/org/javastack/sftpserver/Server.java

@@ -108,19 +108,12 @@ protected void setupFactories() {
 		// org.apache.sshd.common.BaseBuilder
 		sshd.setSubsystemFactories(Collections.singletonList(sftpSubsys));
 		sshd.setChannelFactories(Collections.singletonList(ChannelSessionFactory.INSTANCE));
-		// NOTE: Not all of these are supported by sshd-core
-		// man 5 sshd_config : Ciphers
-		// org.apache.sshd.common.config.ConfigFileReaderSupport.DEFAULT_CIPHERS
-		SshConfigFileReader.configureCiphers(sshd, //
-				db.getCiphers(), //
-				true, true);
-		// man 5 sshd_config : KexAlgorithms
-		// org.apache.sshd.common.config.ConfigFileReaderSupport.DEFAULT_KEX_ALGORITHMS
 		SshConfigFileReader.configureKeyExchanges(sshd, //
 				db.getKexAlgorithms(), //
 				true, ServerBuilder.DH2KEX, true);
-		// man 5 sshd_config : MACs
-		// org.apache.sshd.common.config.ConfigFileReaderSupport.DEFAULT_MACS
+		SshConfigFileReader.configureCiphers(sshd, //
+				db.getCiphers(), //
+				true, true);
 		SshConfigFileReader.configureMacs(sshd, //
 				db.getMacs(), //
 				true, true);
@@ -340,12 +333,38 @@ public boolean authenticate(final String username, final PublicKey key, final Se
 	// =================== Helper Classes
 
 	static class Config {
+		// @see https://stribika.github.io/2015/01/04/secure-secure-shell.html
+		// @see http://manpages.ubuntu.com/manpages/focal/man5/sshd_config.5.html
+		/**
+		 * man 5 sshd_config : KexAlgorithms
+		 * 
+		 * @see org.apache.sshd.common.config.ConfigFileReaderSupport#DEFAULT_KEX_ALGORITHMS
+		 * @see org.apache.sshd.common.kex.BuiltinDHFactories
+		 * @implNote Not all kex/ciphers/macs are supported by sshd-core
+		 */
 		public static final String DEFAULT_KEX_ALGORITHMS = "curve25519-sha256,[email protected]," + //
+				"diffie-hellman-group14-sha256," + //
+				"diffie-hellman-group16-sha512," + //
+				"diffie-hellman-group-exchange-sha256," + //
 				"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521," + //
-				"diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1";
+				"diffie-hellman-group14-sha1";
+		/**
+		 * man 5 sshd_config : Ciphers
+		 * 
+		 * @see org.apache.sshd.common.config.ConfigFileReaderSupport#DEFAULT_CIPHERS
+		 * @see org.apache.sshd.common.cipher.BuiltinCiphers
+		 * @implNote Not all kex/ciphers/macs are supported by sshd-core
+		 */
 		public static final String DEFAULT_CIPHERS = "[email protected]," + //
 				"aes128-ctr,aes192-ctr,aes256-ctr," + //
 				"[email protected],[email protected]";
+		/**
+		 * man 5 sshd_config : MACs
+		 * 
+		 * @see org.apache.sshd.common.config.ConfigFileReaderSupport#DEFAULT_MACS
+		 * @see org.apache.sshd.common.mac.BuiltinMacs
+		 * @implNote Not all kex/ciphers/macs are supported by sshd-core
+		 */
 		public static final String DEFAULT_MACS = "[email protected],[email protected]," + //
 				"[email protected],[email protected]," + //
 				"[email protected]," + //