Also known as: DH

Diffie–Hellman is a public key exchange algorithm used in IPsec connections for establishing a secret communication over an untrusted network.

Diffie-Hellman (DH) groups determine the strength of the key used in the key exchange process:

  • DH Group 1: 768-bit group
  • DH Group 2: 1024-bit group
  • DH Group 5: 1536-bit group
  • DH Group 14: 2048-bit group
  • DH Group 15: 3072-bit group
  • DH Group 19: 256-bit elliptic curve group
  • DH Group 20: 384-bit elliptic curve group

The DH group is negotiated during phase 1 of the IPsec negotiation process. Both peers must agree on a group. Diffie-Hellman groups may also be used in Phase 2 of an IPsec connection when using Perfect Forward Secrecy.