Diffie Hellman Group support to 15

Options
Zyxel_Stanley
Zyxel_Stanley Posts: 1,376  Zyxel Employee
First Anniversary 10 Comments Friend Collector First Answer
edited July 2 in Security Ideas
This discussion was created from comments split from: Diffie Hellman Group 15
Description: Currently IPSec VPN Diffie Hellman Group only support for group 1, 2, 5, 14. But not group 15.
Click like if you think the feature is useful and beneficial.

Share yours now! https://bit.ly/4aO0BMF

Stanley

0
0 votes

Completed · Last Updated

Supported in ZLD4.60 and above version.

Comments

  • Plats
    Plats Posts: 12  Freshman Member
    First Anniversary First Comment
    Options
    This artical states that even DH15 is far to low for security.

    At least go to DH19



  • Line2
    Line2 Posts: 40  Freshman Member
    First Anniversary Friend Collector First Answer First Comment
    Options
    In my view the CISCO doc is absolutely right, DH14 is the absolut minimum at the moment, 19-21 would be recommended. German BSI gives the same advice.
  • Alfonso
    Alfonso Posts: 257  Master Member
    First Anniversary Friend Collector First Answer First Comment
    Options
    The more configurations to be done, much better for the admin.
    I will always try to configure the most security for me and my customers and partners.
  • Line2
    Line2 Posts: 40  Freshman Member
    First Anniversary Friend Collector First Answer First Comment
    Options
    at least DH19 in near future?
  • Zyxel_Joshua
    Zyxel_Joshua Posts: 62  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options
    In ZLD 4.60, the DH Group 19, 20, 21 is support.

    For 128-bit security level, DH Group 19 is recommend. (instead of DH Group 15)
    For 192-bit security level, DH Group 20 is recommend. (instead of DH Group 18)
    For 256-bit security level, DH Group 21 is recommend.