Encryption algorithm reference

更新时间:
复制 MD 格式

IPsec-VPN uses IKE (Internet Key Exchange) to negotiate keys and IPsec to encrypt data in transit. Both phases require an encryption algorithm, an authentication algorithm, and a DH group. Use this reference to choose a suitable combination.

Note

We recommend the AES256-GCM-16 + SHA256 + DH Group 14 cipher suite for the IKE and IPsec phases on an IPsec-VPN gateway. For a Classic VPN gateway or a Transit Router, we recommend AES256 + SHA256 + DH Group 14.

IKE encryption algorithm

Encrypts data exchanged during IKE key negotiation.

Algorithm

Key length

Security

Performance

VPN Gateway

Transit Router

Recommendation

AES256-GCM-16

256-bit

Very High

High (hardware acceleration)

enhanced only

Not supported

Recommended

AES128-GCM-16

128-bit

High

Very High (hardware acceleration)

enhanced only

Not supported

Recommended

AES256

256-bit

High

Medium

enhanced / standard

Supported

Recommended

AES192

192-bit

High

Medium

enhanced / standard

Supported

Available

AES128

128-bit

Medium

High

enhanced / standard

Supported

Available

3DES

168-bit

Low

Low

enhanced / standard

Supported

Not Recommended

DES

56-bit

Very Low

Medium

enhanced / standard

Supported

Not Recommended

SM4

128-bit

High (Chinese cryptographic standard)

Medium

standard only

Not supported

Recommended for Chinese cryptographic scenarios

Warning

DES (56-bit) and 3DES (168-bit) are vulnerable to brute-force attacks. Use AES128 or stronger in production.

GCM mode

AES-GCM (Galois/Counter Mode) is an AEAD mode that combines encryption and integrity verification. Advantages over CBC mode:

  • Higher performance: Supports parallel processing and hardware acceleration for higher throughput.

  • Stronger security: Built-in integrity check eliminates the need for a separate authentication algorithm.

  • Lower latency: Encryption and authentication in a single pass reduces processing overhead.

Note

AES128-GCM-16 and AES256-GCM-16 are available only on enhanced VPN Gateways. They are not supported on standard VPN Gateways or Transit Routers.

IKE authentication algorithm

Verifies packet integrity during IKE negotiation and prevents tampering.

Algorithm name

Digest length

Security

Performance

VPN Gateway

Transit Router

Recommendation

SHA512

512-bit

Extremely High

Low

enhanced / traditional

Supported

Recommended for high-security scenarios

SHA384

384-bit

High

Medium

enhanced / traditional

Supported

Available

SHA256

256-bit

High

High

enhanced / traditional

Supported

Recommended

SHA1

160-bit

Medium

High

enhanced / traditional

Supported

Available for compatibility scenarios

MD5

128-bit

Low

Extremely High

enhanced / traditional

Supported

Not recommended

SM3

256-bit

High (GM standard)

Medium

traditional only

Not Supported

Recommended for GM-required scenarios

Warning

MD5 is vulnerable to collision attacks. Use SHA256 or stronger in production.

IPsec encryption algorithm

Encrypts data traffic during the IPsec phase. The same algorithms are available as for the IKE phase.

Algorithm

Key length

Security

Performance

VPN gateway support

Transit router support

Recommendation

AES256-GCM-16

256-bit

Extremely High

High (hardware acceleration)

enhanced only

Not supported

Recommended

AES128-GCM-16

128-bit

High

Extremely High (hardware acceleration)

enhanced only

Not supported

Recommended

AES256

256-bit

High

Medium

enhanced / standard

Supported

Recommended

AES192

192-bit

High

Medium

enhanced / standard

Supported

Available

AES128

128-bit

Medium

High

enhanced / standard

Supported

Available

3DES

168-bit

Low

Low

enhanced / standard

Supported

Not recommended

DES

56-bit

Extremely Low

Medium

enhanced / standard

Supported

Not recommended

SM4

128-bit

High (Guomi standard)

Medium

standard only

Not supported

Recommended for Guomi scenarios

Note

You can use different encryption algorithms for IKE and IPsec. For example, AES256 for IKE key negotiation and AES128 for IPsec data traffic to increase throughput. However, using the same algorithm for both phases simplifies configuration and maintenance.

IPsec authentication algorithm

Verifies the integrity of transmitted data. The same algorithms are available as for IKE authentication.

Algorithm name

Digest length

Security

Performance

VPN gateway type

Transit router support

Recommendation

SHA512

512-bit

Extremely High

Low

Enhanced / Classic

Supported

Recommended for high-security scenarios

SHA384

384-bit

High

Medium

Enhanced / Classic

Supported

A viable option

SHA256

256-bit

High

High

Enhanced / Classic

Supported

Recommended

SHA1

160-bit

Medium

High

Enhanced / Classic

Supported

Available for compatibility purposes

MD5

128-bit

Low

Extremely High

Enhanced / Classic

Supported

Not recommended

SM3

256-bit

High (GM)

Medium

Classic only

Not supported

Recommended for GM scenarios

Note

AES-GCM provides built-in integrity verification (AEAD) through GCM mode. When GCM is used, the authentication algorithm protects only IKE negotiation, while GCM handles IPsec data integrity.

DH group

A DH group (Diffie-Hellman group) generates a shared key during IKE key exchange. Longer keys provide stronger security but increase computational overhead. PFS (Perfect Forward Secrecy) in the IPsec phase also uses a DH group.

DH group

Key length

Security

Performance

Recommendation

Description

Group 1

768-bit

Very Low

Very High

Not Recommended

Considered insecure. Use only for compatibility with legacy devices.

Group 2

1024-bit

Low

High

Not Recommended

Offers insufficient security. Upgrading to Group 14 is recommended.

Group 5

1536-bit

Medium

Medium

Usable

Offers moderate security. Suitable for transitional use.

Group 14

2048-bit

High

Medium

Recommended

The current mainstream choice, offering a good balance between security and performance.

Group 24

2048-bit (elliptic curve)

High

High

Usable

An elliptic curve-based DH exchange that offers better performance than Group 14.

Note

We recommend DH group 14 (2048-bit). Group 1 and Group 2 do not meet modern security requirements and are not recommended for production. For the IPsec phase, enable PFS and use the same DH group as the IKE phase.

Guomi algorithm

Guomi (GM) algorithms are Chinese commercial cryptographic algorithms certified by the State Cryptography Administration. IPsec-VPN supports SM4 for encryption and SM3 for authentication.

SM4 encryption

Property

Description

Algorithm type

Symmetric block cipher

Key length

128-bit

Block size

128-bit

Security level

High (compliant with Chinese national cryptographic standards)

Usage

IKE encryption, IPsec encryption

Scope

Only for IPsec connections that are bound to a Classic VPN Gateway

SM4 has security strength comparable to AES-128. As a core symmetric cipher in China's commercial cryptography system, it is widely used in finance and government sectors.

SM3 authentication

Property

Description

Algorithm type

cryptographic hash algorithm

Digest length

256-bit

Security level

High (compliant with Chinese national cryptographic standards)

Usage

IKE authentication, IPsec authentication

Scope

Only for IPsec connections that are bound to a Classic VPN Gateway

SM3 has security strength comparable to SHA-256. As a core hash algorithm in China's commercial cryptography system, it is used for data integrity checks and digital signatures.

Warning

Limitations of Guomi algorithms:

  • Guomi algorithms can be used only with IPsec connections that are bound to a Classic VPN Gateway.

  • Guomi algorithms are not supported with an Enhanced VPN Gateway or a Transit Router.

  • When using Guomi algorithms, a VPN Gateway does not support IPsec connections over a private network.

  • Guomi algorithms are supported only in Chinese mainland regions.

  • SM4 and SM3 must be used together. They cannot be combined with other algorithms. For example, the combination of SM4 and SHA-256 is not supported.

Recommended cipher suites

Select a cipher suite based on your security requirements and device compatibility.

Security level

Encryption algorithm

Authentication algorithm

DH group

Use case

Very High (Recommended)

AES256-GCM-16

SHA256

Group 14

For an enhanced VPN Gateway that requires high security and performance.

High

AES256

SHA256

Group 14

For general production environments that require good compatibility.

Medium

AES128

SHA256

Group 14

For high-performance data transfer.

Basic

AES128

SHA1

Group 2

For compatibility with non-upgradable legacy devices.

SM algorithm

SM4

SM3

Group 14

For use cases that require SM algorithm compliance.

FAQ

IKE version selection

  • IKEv2 (Recommended): More efficient negotiation, native support for multiple subnets and NAT traversal, and stronger security.

  • IKEv1: Compatible with legacy devices, but has a more complex negotiation process and limited multi-subnet support.

Use IKEv2 if the peer gateway supports it.

Same algorithms for IKE and IPsec

No. You can configure different algorithms for IKE and IPsec. However, using the same combination for both simplifies operations and reduces configuration errors.

Handling peers without AES-GCM

Both peers must support AES-GCM. If your peer does not, use AES256 + SHA256 + DH group 14, which provides strong security with broad compatibility.

Enabling PFS

Yes. We highly recommend enabling it. PFS (Perfect Forward Secrecy) ensures that previously negotiated session keys remain secure even if a long-term key is compromised. With PFS enabled, the system performs a new DH key exchange each time it renegotiates the Security Association (SA). Use the same DH group for PFS as for the IKE phase.