HP 6125XLG R2306-HP 6125XLG Blade Switch Security Command Reference - Page 272
protocol, 1024-bit Diffie-Hellman group
View all HP 6125XLG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 272 highlights
Syntax In non-FIPS mode: pfs { dh-group1 | dh-group2 | dh-group5 | dh-group14 | dh-group24 } undo pfs In FIPS mode: pfs dh-group14 undo pfs Default The PFS feature is disabled for the IPsec transform set. Views IPsec transform set view Predefined user roles network-admin Parameters dh-group1: Uses 768-bit Diffie-Hellman group. dh-group2: Uses 1024-bit Diffie-Hellman group. dh-group5: Uses 1536-bit Diffie-Hellman group. dh-group14: Uses 2048-bit Diffie-Hellman group. dh-group24: Uses 2048-bit and 256-bit subgroup Diffie-Hellman group. Usage guidelines In terms of security and necessary calculation time, the following groups are in descending order: 2048-bit and 256-bit subgroup Diffie-Hellman group (dh-group24), 2048-bit Diffie-Hellman group (dh-group14), 1536-bit Diffie-Hellman group (dh-group5), 1024-bit Diffie-Hellman group (dh-group2), and 768-bit Diffie-Hellman group (dh-group1). The security level of local Diffie-Hellman group must be higher than or equal that of the peer. The end without the PFS feature performs SA negotiation according to the PFS requirements of the peer end. Examples # Enable PFS using 2048-bit Diffie-Hellman group for IPsec transform set tran1. system-view [Sysname] ipsec transform-set tran1 [Sysname-ipsec-transform-set-tran1] pfs dh-group14 protocol Use protocol to specify a security protocol for an IPsec transform set. Use undo protocol to restore the default. Syntax protocol { ah | ah-esp | esp } 263