R0106-HP MSR Router Series Security Command Reference(V7)

dh { group1 | group14 | group2 | group24 | group5 }
undo dh
In FIPS mode:
dh group14
undo dh
Default
In non-FIPS mode, group1, the 768-bit Diffie-Hellman group, is used.
In FIPS mode, group14, the 2048-bit Diffie-Hellman group, is used.
Views
IKE proposal view
Predefined user roles
network-admin
Parameters
group1: Uses the 768-bit Diffie-Hellman group.
group14: Uses the 2048-bit Diffie-Hellman group.
group2: Uses the 1024-bit Diffie-Hellman group.
group24: Uses the 2048-bit Diffie-Hellman group with the 256-bit prime order subgroup.
group5: Uses the 1536-bit Diffie-Hellman group.
Usage guidelines
A DH group that uses more bits provides higher security but needs more time for processing. To achieve
the best trade-off between processing performance and security, choose a proper Diffie-Hellman group
for your network.
Examples
# Specify the 2048-bit Diffie-Hellman group group14 to be used in key negotiation phase 1 for an IKE
proposal.
<Sysname> system-view
[Sysname] ike proposal 1
[Sysname-ike-proposal-1] dh group14
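Because of the defaults listed above, an IKE proposal with no dh line still uses a DH group (group1 in non-FIPS mode). The following Python script is an added example, not part of the HP reference: it reads configuration text and reports the effective DH group of each IKE proposal, using the bit sizes and defaults from this page. The configuration layout (an "ike proposal N" line followed by indented settings), the function names and the sample text are assumptions.

```python
import re

# Bit sizes exactly as listed in the Parameters section of this page.
DH_BITS = {"group1": 768, "group2": 1024, "group5": 1536,
           "group14": 2048, "group24": 2048}

def effective_dh_groups(config_text, fips_mode=False):
    """Return {proposal_number: group} for every IKE proposal in the text.

    A proposal without a dh line gets the default stated on this page:
    group1 in non-FIPS mode, group14 in FIPS mode.
    """
    default = "group14" if fips_mode else "group1"
    groups, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"ike proposal (\d+)", line)
        if m:
            current = int(m.group(1))
            groups[current] = default
        elif current is not None and raw[:1].isspace():
            # Indented line: a setting inside the current proposal block.
            m = re.fullmatch(r"dh (group\d+)", line)
            if m and m.group(1) in DH_BITS:
                groups[current] = m.group(1)
        else:
            current = None  # left the proposal block ('#' or another section)
    return groups

def proposals_below(config_text, min_bits, fips_mode=False):
    """List (proposal, group, bits) for proposals whose DH group is < min_bits."""
    found = effective_dh_groups(config_text, fips_mode)
    return [(n, g, DH_BITS[g]) for n, g in sorted(found.items())
            if DH_BITS[g] < min_bits]

# Constructed sample text, not taken from a real device.
SAMPLE = """\
#
ike proposal 1
 dh group14
#
ike proposal 2
 encryption-algorithm aes-cbc-128
#
ike proposal 3
 dh group2
#
"""

if __name__ == "__main__":
    for n, g, bits in proposals_below(SAMPLE, min_bits=2048):
        print(f"ike proposal {n}: {g} ({bits}-bit)")
```

The min_bits threshold is the caller's policy choice; proposal 2 in the sample is reported only because the non-FIPS default applies to it.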
Related commands
display ike proposal
display ike proposal
Use display ike proposal to display configuration information about all IKE proposals.
Syntax
display ike proposal
Views
Any view