Diffie-Hellman key exchange, also called exponential key exchange, is an asymmetric key algorithm used for public key cryptography. It is a protocol for creating a shared secret between the two sides of a communication, used in IKE, TLS, SSH and some others. Both sides first have to agree on a "group" (in the mathematical sense), usually a multiplicative group modulo a prime. Basically, it is a method of digital encryption that uses numbers raised to specific powers to produce decryption keys from components that are never directly transmitted, making the task of a would-be code breaker mathematically overwhelming. The Diffie-Hellman algorithm was created to address the issue of encrypted keys being attacked over the internet when in transmission, though using the Diffie-Hellman algorithm in distributing symmetric keys securely over the internet
Here is the list of Key Exchange Groups (DH) SonicWALL Site to Site VPN supports:
IANA assigned the ID values to these Diffie-Hellman groups.
NOTE: Groups 1-14 are available on SonicOS 5.9 firmware. Groups 1-26 are available on SonicOS 6.2 and above firmware.
| Group type | DH Group |
|---|---|
| 768-bit modulus MODP Group | DH Group 1 |
| 1024-bit modulus MODP Group | DH Group 2 |
| 1536-bit modulus MODP Group | DH Group 5 |
| 2048-bit modulus MODP Group | DH Group 14 |
| 256-bit Random ECP Group | DH Group 19 |
| 384-bit Random ECP Group | DH Group 20 |
| 521-bit Random ECP Group | DH Group 21 |
| 192-bit Random ECP Group | DH Group 25 |
| 224-bit Random ECP Group | DH Group 26 |
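
The exchange described above, carried out over the MODP groups in the table (1, 2, 5 and 14), as an added example that is not part of the original article or SonicWall code. It assumes the prime definitions and generator 2 from RFC 2409 and RFC 3526; the function names are illustrative, and the ECP groups are not covered.

```python
import secrets

# RFC 2409 / RFC 3526 define each MODP prime as
#   p = 2^n - 2^(n-64) - 1 + 2^64 * (floor(2^(n-130) * pi) + c)
# Keyed by the IANA group ID from the table: (n, c). The generator is 2.
MODP = {1: (768, 149686), 2: (1024, 129093), 5: (1536, 741804), 14: (2048, 124476)}
G = 2

def _arctan_inv(x, one):
    """Fixed-point arctan(1/x) scaled by `one` (Taylor series, integers only)."""
    term = one // x
    total, n, sign = term, 3, -1
    while term:
        term //= x * x
        total += sign * (term // n)
        n, sign = n + 2, -sign
    return total

def pi_floor(bits):
    """floor(2^bits * pi) via Machin's formula, computed with 64 guard bits."""
    one = 1 << (bits + 64)
    return (4 * (4 * _arctan_inv(5, one) - _arctan_inv(239, one))) >> 64

def modp_prime(group):
    n, c = MODP[group]
    return (1 << n) - (1 << (n - 64)) - 1 + ((pi_floor(n - 130) + c) << 64)

def keypair(p):
    x = secrets.randbelow(p - 3) + 2      # private exponent in [2, p-2], never sent
    return x, pow(G, x, p)                # public value g^x mod p goes on the wire

def shared_secret(p, own_private, peer_public):
    # Reject degenerate peer values (0, 1, p-1, out of range) before using them.
    if not 1 < peer_public < p - 1:
        raise ValueError("invalid peer public value")
    return pow(peer_public, own_private, p)

def exchange(group):
    p = modp_prime(group)
    a, A = keypair(p)                     # initiator
    b, B = keypair(p)                     # responder
    return shared_secret(p, a, B), shared_secret(p, b, A)

if __name__ == "__main__":
    k_i, k_r = exchange(14)
    print("secrets match:", k_i == k_r, "| bits:", k_i.bit_length())
```

Only the two public values cross the wire; each side combines the peer's public value with its own private exponent and arrives at the same secret.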
Reference RFC Links: