Operating system | Windows 8.1 Windows 10 | |
Connection mode | Transport mode | |
Key exchange protocol | IKEv1 (main mode) | |
Authentication method | Pre-shared key Digital signature | |
Hash algorithm (and key length) | HMAC-SHA1-96 HMAC-SHA2 (256 bits or 384 bits) | |
Encryption algorithm (and key length) | 3DES-CBC AES-CBC (128 bits, 192 bits, or 256 bits) | |
Key exchange algorithm/group (and key length) | Diffie-Hellman (DH) Group 14 (2048 bits) ECDH-P256 (256 bits) ECDH-P384 (384 bits) | |
ESP | Hash algorithm | HMAC-SHA1-96 |
Encryption algorithm (and key length) | 3DES-CBC AES-CBC (128 bits, 192 bits, or 256 bits) | |
Hash algorithm/encryption algorithm (and key length) | AES-GCM (128 bits, 192 bits, or 256 bits) | |
AH | Hash algorithm | HMAC-SHA1-96 |
IPSec supports communication to a unicast address (or a single device). |
Format | Key: PKCS#12*1 CA certificate: X.509 DER/PEM |
File extension | Key: ".p12" or ".pfx" CA certificate: ".cer" or ".pem" |
Public key algorithm (and key length) | RSA (512 bits, 1024 bits, 2048 bits, 4096 bits) DSA (1024 bits, 2048 bits, 3072 bits) ECDSA (P256, P384, P521) |
Certificate signature algorithm | RSA: SHA-1, SHA-256, SHA-384*2, SHA-512*2, MD2, MD5 DSA: SHA-1 ECDSA: SHA-1, SHA-256, SHA-384, SHA-512 |
Certificate thumbprint algorithm | SHA1 |
*1Requirements for the certificate contained in a key are pursuant to CA certificates. *2RSA-SHA-384 and RSA-SHA-512 are available only when the RSA key length is 1024 bits or more. |
The machine does not support use of a certificate revocation list (CRL). |
Hash | MD4, MD5, SHA-1 |
HMAC | HMAC-MD5 |
Common key cryptosystem | RC2, RC4, DES |
Public key cryptosystem | RSA encryption (512 bits/1024 bits), RSA signature (512 bits/1024 bits), DSA (512 bits/1024 bits), DH (512 bits/1024 bits) |
Even when <Prohibit Weak Encryp. Key/Cert.>/<Prohibit Key/Cert. with Weak Encryption> is set to <On>, the hash algorithm SHA-1, which is used for signing a root certificate, can be used. |