Diffie-Hellman Groups

DH
Group #
Group DescriptionRFCRecommendation
1768 bit modulusRFC 2049AVOID
Available for use in IKEv1 * IKEv2
21024 bit modulusRFC 2049AVOID
Available for use in IKEv1 * IKEv2
3EC2N group over GF[2^155]RFC 2049Not available for use in modern IKE implementations.
4EC2N group over GF[2^185]RFC 2049Not available for use in modern IKE implementations.
51536 bit modulusRFC 3526AVOID
Available for use in IKEv1 * IKEv2
6EC2N group over GF[2^163]IETF DraftNot available for use in modern IKE implementations.
7EC2N group over GF[2^163]IETF DraftAVOID
Available for use in IKEv1
8EC2N group over GF[2^283]IETF DraftNot available for use in modern IKE implementations.
9EC2N group over GF[2^283]IETF DraftNot available for use in modern IKE implementations.
10EC2N group over GF[2^409]IETF DraftNot available for use in modern IKE implementations.
11EC2N group over GF[2^409]IETF DraftNot available for use in modern IKE implementations.
12EC2N group over GF[2^571]IETF DraftNot available for use in modern IKE implementations.
13EC2N group over GF[2^571]IETF DraftNot available for use in modern IKE implementations.
142048-bit modulusRFC 3526MINIMUM ACCEPTABLE
Available for use in IKEv2
153072-bit modulusRFC 3526Not available for use in modern IKE implementations.
164096-bit modulusRFC 3526Not available for use in modern IKE implementations.
176144-bit modulusRFC 3526Not available for use in modern IKE implementations.
188192-bit modulusRFC 3526Not available for use in modern IKE implementations.
19256-bit random elliptic curveRFC 5903Available for use in IKEv2
20384-bit random elliptic curveRFC 5903Available for use in IKEv2
21521-bit random elliptic curveRFC 5903Available for use in IKEv2
221024-bit modulus with 160-bit prime order subgroupRFC 5114Not available for use in modern IKE implementations.
232048-bit modulus with 224-bit prime order subgroupRFC 5114Not available for use in modern IKE implementations.
242048-bit modulus with 256-bit prime order subgroupRFC 5114Available for use in IKEv2
25192-bit Random ECP GroupRFC 5114Not available for use in modern IKE implementations.
26224-bit Random ECP GroupRFC 5114Not available for use in modern IKE implementations.
27224-bit Random ECP GroupRFC 6932Not available for use in modern IKE implementations.
28256-bit Brainpool ECP groupRFC 6932Not available for use in modern IKE implementations.
29384-bit Brainpool ECP groupRFC 6932Not available for use in modern IKE implementations.
30512-bit Brainpool ECP groupRFC 6932Not available for use in modern IKE implementations.
31-32767Unassigned

Leave a Reply

Your email address will not be published. Required fields are marked *