Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
764
Views
0
Helpful
1
Replies

ASA VPN Deffe-Helman Group Change

it.support
Level 1
Level 1

‎07-05-2010 04:31 AM

Dear All,

I just wondering why cisco changed the support for DH group 7 change from Version 8.0(4) onwards. I can't  find any document by cisco explaining the actual reason behind this.

Please share your views.

Thank you

Labels:
0 Helpful
1 Reply 1

Jason Gervia
Cisco Employee
Cisco Employee

‎07-05-2010 06:24 AM

Diffie Hellman group 7 was meant for low powered PDAs/processors  and is less secure, not more (despite the higher number).  You should contact your account team or open a TAC case if you need an official answer as to why it was removed - but most modern processors can support groups, 1,2, or 5 (768,1024, and 1536 bits, respectively) vs group 7 (ECC/163bits)

--Jason

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents