Re: Broken by design then.
It's also broken by design so that users can't plug in their own block cipher, hash or public key encryption. The days of enumerating a few options just to save a byte in a startup packet are long gone, and the concepts of plug-in ciphers are well known and offer options once something falls to the crypto gods. If my client and server want to do AES512 with 20 rounds, the protocol should allow me to add a config line saying prefer "AES512_20rounds-GCM-SHA512_160rounds" without breaking anything. Right now, the client and server software need to be hacked, an ID type that will conflict in the future will need to be added, the crypto libraries need to be updated, and then everything has to be recompiled. That process is why there are so many broken systems out on the web today.