Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
seadave
Contributor III

Lack of full Diffie-Hellman Group options in FortiClient 5.2.3.0633

I'm playing around with IPSec VPN on our FG500D.  I'd like to use Diffie-Hellman group 21 for my P1 and P2 negotiations as they are Elliptic Curve (EC) based and thus should be more efficient than the RSA based keys.  I never realized what the groups represented until doing some digging today.  Found this blurb:

 

Diffie-Hellman group 1  -  768 bit modulus  - AVOID

Diffie-Hellman group 2  - 1024 bit modulus  - AVOID

Diffie-Hellman group 5  - 1536 bit modulus  - AVOID

Diffie-Hellman group 14 - 2048 bit modulus – MINIMUM ACCEPTABLE

Diffie-Hellman group 19 - 256 bit elliptic curve – ACCEPTABLE

Diffie-Hellman group 20 - 384 bit elliptic curve – Next Generation Encryption

Diffie-Hellman group 21 - 521 bit elliptic curve – Next Generation Encryption

Diffie-Hellman group 24 - modular exponentiation group with a 2048-bit modulus and 256-bit prime order subgroup – Next Generation Encryption

 

Algorithms marked as AVOID do not provide an adequate security level against modern threats and should not be used to protect sensitive information. It is recommended that these algorithms be replaced with stronger algorithms.

Next Generation Encryption (NGE) is expected to meet the security and scalability requirements of the next two decades.

If you are using encryption or authentication algorithms with a 128-bit key, use Diffie-Hellman groups 5, 14, 19, 20 or 24.    If you are using encryption or authentication algorithms with a 256-bit key or higher, use Diffie-Hellman group 21 or 24.

 

From <https://supportforums.cisco.com/document/12276506/diffie-hellman-groups>

 

I'm making a concerted effort to use EC based crypto as often as possible going forward.  As I'm using AES256-SHA256 for P1 and P2, using DH group 19-21 seems to be the best choice.  I started off high with 21.

 

I was dismayed when I went to the FortiClient and saw it only supports DH groups 1,2,5, and 14.  Why is that?  Is the math of the higher groups too intense for a standard CPU?  From all that I have read, DH 19-21 should actually be easier due to the efficiencies of EC.

1 REPLY 1
emnoc
Esteemed Contributor III

Ask for a feature request via/FTNT. But in  all fairness Dh-Grp14 and PFS should fit 9 out 10 individuals needs for any symmetric vpn solutions like ipsec.

 

If you had any other concerns, than enable certificates based for authentication. Dh-Grp14 should be the minimum that we should deploy & if supported.

 

I will caution you, that  Dh-Grps higher than 14 are typically not found on other vendor parties devices. ( Sonicwall/ some Junipter products /  earlier cisco ASA / ). So if you have to interface with a non-Fortigate Device  you, might be hampered. Ideally we should be using Dh-Grp 24  if we here looking for the most secured connection ;)

 

If your really worried, " follow the guidelines by NSA or find out the minimum that they use    "

 

Just my thoughts.

 

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors