FCS_SSH_EXT.1.7 still has diffie-hellman-group14-sha1 as a mandatory key exchange method; however, sha1 is phasing out fast and newer implementations of SSH only support SHA-256 or stronger hashing algorithms. 

FCS_SSH_EXT.1.7 is modified as follows:

FCS_SSH_EXT.1.7 The TSF shall ensure that [selection: diffie-hellman-group14-sha1, diffie-hellman-group15-sha512, ecdh-sha2-nistp256] and [selection: diffie-hellman-group14-sha256, diffie-hellman-group16-sha512, ecdh-sha2-nistp384, ecdh-sha2-nistp521, no other methods] are the only allowed key exchange methods used for the SSH protocol.

Application Note: The ST must select at least one supported key exchange algorithm in the first selection. The algorithms in the second selection are optional; if none are supported, the ST author must select "no other methods".

Assurance Activity:
Operational Guidance:

The evaluator shall check the guidance documentation to ensure that it contains instructions to the administrator on how to ensure that only the allowed key exchange algorithms are used in SSH connections with the TOE.

Test:

The evaluator shall also perform the following test:

1. [Conditional: TOE is a client] The evaluator shall configure an SSH server to permit all allowed key exchange methods. For each allowed key exchange method, the evaluator shall attempt to connect from the TOE to the SSH server and observe that the attempt succeeds.

2. [Conditional: TOE is a server] The evaluator shall configure an SSH client to only allow the diffie-hellman-group1-sha1 key exchange. The evaluator shall attempt to connect from the SSH client to the TOE and observe that the attempt fails.

3. [Conditional: TOE is a server] For each allowed key exchange method, the evaluator shall configure an SSH client to only allow that method for key exchange, attempt to connect from the client to the TOE, and observe that the attempt succeeds.

See issue description.