Cisco Support Community

New Member

ASA VPN Diffie-Hellman Group Change

Dear All,

I am just wondering why Cisco changed the support for DH group 7 from Version 8.0(4) onwards. I can't find any document by Cisco explaining the actual reason behind this.

Please share your views.

Thank you

1 REPLY
Cisco Employee

Re: ASA VPN Diffie-Hellman Group Change

Diffie-Hellman group 7 was meant for low-powered PDAs/processors and is less secure, not more (despite the higher number). You should contact your account team or open a TAC case if you need an official answer as to why it was removed - but most modern processors can support groups 1, 2, or 5 (768, 1024, and 1536 bits, respectively) vs group 7 (ECC/163 bits).

--Jason
