Add the strict key exchange extension

[darses]

After the Terrapin attack a two new SSH Extensions were introduced: [email protected] (Client) and [email protected] (Server).

This is a feature request to add these extensions to the comparison.

I will quote the OpenSSH PROTOCOL page for more information:

1.10 transport: strict key exchange extension

OpenSSH supports a number of transport-layer hardening measures under
a "strict KEX" feature. This feature is signalled similarly to the
RFC8308 ext-info feature: by including a additional algorithm in the
initial SSH2_MSG_KEXINIT kex_algorithms field. The client may append
"[email protected]" to its kex_algorithms and the server
may append "[email protected]". These pseudo-algorithms
are only valid in the initial SSH2_MSG_KEXINIT and MUST be ignored
if they are present in subsequent SSH2_MSG_KEXINIT packets.

[fingolfin]

I'd be happy to merge a PR adding this.

Anyone who would like to work on this should probably start by editing https://github.com/fingolfin/ssh-comparison/blob/gh-pages/_data/specs.yml

But then of course the entries for clients supporting it (presumably at least OpenSSH) should be updated to reflect that, by editing their entries in https://github.com/fingolfin/ssh-comparison/tree/gh-pages/_impls

[darses]

I am working on a PR, primarily based on the patches page on the Terrapin website.

At this moment my proposal is to add both client and server extensions, despite all implementations implementing either both or none.

Furthermore, I do not intend to list support for unreleased versions such as the support in Dropbear.

Please let me know if these are points that I need to reconsider while I draft a PR.