Windows Suite B Support with IKEv1 » History » Version 2
« Previous -
Version 2/26
(diff) -
Next » -
Current version
Andreas Steffen, 08.07.2009 09:38
extended suite B howtow
Windows Suite B Support¶
Windows Vista Service Pack 1, Windows Server 2008 and Windows 7 support the cryptographic algorithms for IPsec defined by Suite B. For details see http://support.microsoft.com/kb/949856/.
The following command sets the IKEv1 main mode algorithms:
netsh advfirewall set global mainmode mmsecmethods ecdhp256:aes128-sha256,ecdhp384:aes192-sha384,dhgroup14:aes128-sha1
The currently configured algorithms can be checked using the command:
netsh advfirewall show global Main Mode: KeyLifetime 480min,0sess SecMethods ECDHP256-AES128-SHA256,ECDHP384-AES192-SHA384,DHGroup14-AES128-SHA1 ForceDH No