Enable new GSSAPI Key exchange algorithms in OpenSSH
RFC8732 was finally published and it comes with new algorithms based on SHA2 and elliptic curves. If I try to enable them as attempted below, it will enable them also for FIPS policy, which should disable this group of algorithms altogether (unless something changed).
Adding these new algorithms will probably require some larger changes in the policy generator to exclude these (otherwise cryptographically fine) algorithms or a change to the FIPS policy to explicitly disable the GSSAPIKeyExchange. Any pointer to what would be the best approach would be welcome.
diff --git a/python/policygenerators/openssh.py b/python/policygenerators/openssh.py
index af672cb..3d6febb 100644
--- a/python/policygenerators/openssh.py
+++ b/python/policygenerators/openssh.py
@@ -36,10 +36,9 @@ class OpenSSHGenerator(ConfigGenerator):
gss_hash_map = {
'SHA1':'gss-gex-sha1-,gss-group14-sha1-',
- # Newer algorithms not enabled due to RFC not final yet
- 'SHA2-256':'',
+ 'SHA2-256':'gss-group14-sha256-,gss-nistp256-sha256-,gss-curve25519-sha256-',
'SHA2-384':'',
- 'SHA2-512':'',
+ 'SHA2-512':'gss-group16-sha512-',
'SHA3-256':'',
'SHA3-384':'',
'SHA3-512':'',
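Review bot: the new 'SHA2-256' and 'SHA2-512' values in gss_hash_map are selected by hash name alone, so every policy that lists one of those hashes will now emit the GSSAPI key exchange names. That is the FIPS concern the description raises. Nothing in this hunk ties gss-nistp256-sha256- or gss-curve25519-sha256- to the curves a policy allows, or gss-group14-sha256- and gss-group16-sha512- to its permitted group sizes. I would add an explicit policy-level condition that is checked before this map is consulted, so that a policy can exclude GSSAPI key exchange as a whole, and filter the curve-based names against the policy's group list instead of keying them only on the hash. Separately, the removed comment was the only explanation for the empty strings. 'SHA2-384' and the SHA3 entries are still empty, so a replacement comment saying why they stay empty would help the next reader.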