Diffie Hellman Group support to 15

Zyxel_Stanley Posts: 963  Zyxel Employee
edited July 20 in Security Ideas
This discussion was created from comments split from: Diffie Hellman Group 15
Description: Currently IPSec VPN Diffie Hellman Group only support for group 1, 2, 5, 14. But not group 15.
Click like if you think the feature is useful and beneficial.
0 votes

Active · Last Updated


  • Plats
    Plats Posts: 12  Freshman Member
    This artical states that even DH15 is far to low for security.

    At least go to DH19

  • Line2
    Line2 Posts: 40  Freshman Member
    In my view the CISCO doc is absolutely right, DH14 is the absolut minimum at the moment, 19-21 would be recommended. German BSI gives the same advice.
  • Alfonso
    Alfonso Posts: 257  Master Member
    The more configurations to be done, much better for the admin.
    I will always try to configure the most security for me and my customers and partners.
  • Line2
    Line2 Posts: 40  Freshman Member
    at least DH19 in near future?
  • Zyxel_Joshua
    Zyxel_Joshua Posts: 17  Zyxel Employee
    In ZLD 4.60, the DH Group 19, 20, 21 is support.

    For 128-bit security level, DH Group 19 is recommend. (instead of DH Group 15)
    For 192-bit security level, DH Group 20 is recommend. (instead of DH Group 18)
    For 256-bit security level, DH Group 21 is recommend.