diff --git a/CHANGES b/CHANGES
index e3d9a8f431..1bc7c271a3 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+6.2.0-dev.13 | 2023-10-18 12:05:24 -0700
+
+ * Add new SSH key exchange algorithms reported by OpenSSH 9.0 (Tim Wojtulewicz, Corelight)
+
 6.2.0-dev.11 | 2023-10-17 19:33:47 +0200
 
 * gre-over-udp: Update testing pcap with both endpoints (Arne Welzel, Corelight)
diff --git a/VERSION b/VERSION
index 45c628e416..7d0469a041 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-6.2.0-dev.11
+6.2.0-dev.13
diff --git a/src/analyzer/protocol/ssh/ssh-protocol.pac b/src/analyzer/protocol/ssh/ssh-protocol.pac
index 5a770e4af5..c343466ca3 100644
--- a/src/analyzer/protocol/ssh/ssh-protocol.pac
+++ b/src/analyzer/protocol/ssh/ssh-protocol.pac
@@ -475,6 +475,15 @@ refine connection SSH_Conn += {
 // UNTESTED
 if ( update_kex_state_if_equal("diffie-hellman-group14-sha1", KEX_DH) )
 return true;
+ // UNTESTED
+ if ( update_kex_state_if_equal("diffie-hellman-group14-sha256", KEX_DH) )
+ return true;
+ // UNTESTED
+ if ( update_kex_state_if_equal("diffie-hellman-group16-sha512", KEX_DH) )
+ return true;
+ // UNTESTED
+ if ( update_kex_state_if_equal("diffie-hellman-group16-sha512", KEX_DH) )
+ return true;
 if ( update_kex_state_if_equal("diffie-hellman-group-exchange-sha1", KEX_DH_GEX) )
 return true;
@@ -496,7 +505,9 @@ refine connection SSH_Conn += {
 return true;
 if ( update_kex_state_if_startswith("curve25519-sha256", KEX_ECC) )
 return true;
-
+ // UNTESTED
+ if ( update_kex_state_if_startswith("sntrup761x25519-sha512", KEX_ECC) )
+ return true;
 zeek_analyzer()->Weird("ssh_unknown_kex_algorithm", c_str(kex_algorithm_));
 return true;
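Review bot: The third branch added in the first ssh-protocol.pac hunk repeats `"diffie-hellman-group16-sha512"`, so it can never match once the branch above it has been tried, and one algorithm from the intended set stays unhandled. The likely intended name is the group18 variant that RFC 8268 defines next to group14-sha256 and group16-sha512, i.e. `if ( update_kex_state_if_equal("diffie-hellman-group18-sha512", KEX_DH) )`; confirm this against the OpenSSH 9.0 proposal the commit is based on. As written, a connection negotiating that algorithm still falls through to the `ssh_unknown_kex_algorithm` weird visible in the second hunk, which is noise for anyone alerting on that weird. All four new branches are marked `// UNTESTED`, so a small trace-based test covering each name would have caught the duplicate. The enclosing function starts and ends outside both hunks.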