Diffie Hellman Group support to 15

Zyxel_Stanley
Zyxel_Stanley Posts: 1,379  Zyxel Employee
100 Answers 1000 Comments Friend Collector Seventh Anniversary
edited July 2 in Security Ideas
This discussion was created from comments split from: Diffie Hellman Group 15
Description: Currently IPSec VPN Diffie Hellman Group only support for group 1, 2, 5, 14. But not group 15.
Click like if you think the feature is useful and beneficial.
0
0 votes

Completed · Last Updated

Supported in ZLD4.60 and above version.

Comments

  • Plats
    Plats Posts: 12  Freshman Member
    First Comment Sixth Anniversary
    This artical states that even DH15 is far to low for security.

    At least go to DH19



  • Line2
    Line2 Posts: 40  Freshman Member
    First Answer First Comment Friend Collector First Anniversary
    In my view the CISCO doc is absolutely right, DH14 is the absolut minimum at the moment, 19-21 would be recommended. German BSI gives the same advice.
  • Alfonso
    Alfonso Posts: 257  Master Member
    5 Answers First Comment Friend Collector Second Anniversary
    The more configurations to be done, much better for the admin.
    I will always try to configure the most security for me and my customers and partners.
  • Line2
    Line2 Posts: 40  Freshman Member
    First Answer First Comment Friend Collector First Anniversary
    at least DH19 in near future?
  • Zyxel_Joshua
    Zyxel_Joshua Posts: 62  Zyxel Employee
    5 Answers First Comment Friend Collector Sixth Anniversary
    In ZLD 4.60, the DH Group 19, 20, 21 is support.

    For 128-bit security level, DH Group 19 is recommend. (instead of DH Group 15)
    For 192-bit security level, DH Group 20 is recommend. (instead of DH Group 18)
    For 256-bit security level, DH Group 21 is recommend.