Operating system of connected device | Windows 8.1 Windows 10 Windows 11 |
Connection mode | Transport mode |
Key exchange protocol | IKEv1 (main mode) |
Authentication method Pre-shared key Digital signature | |
Hash algorithm (and key length) HMAC-SHA1-96 HMAC-SHA2 (256 bits or 384 bits) | |
Encryption algorithm (and key length) 3DES-CBC AES-CBC (128 bits, 192 bits, 256 bits) | |
Key exchange algorithm/group (and key length) Diffie-Hellman (DH) Group 14 (2048 bits) ECDH-P256 (256 bits) ECDH-P384 (384 bits) | |
ESP | Hash algorithm HMAC-SHA1-96 |
Encryption algorithm (and key length) 3DES-CBC AES-CBC (128 bits, 192 bits, 256 bits) | |
Hash/encryption algorithm (and key length) AES-GCM (128 bits, 192 bits, 256 bits) | |
AH | Hash algorithm HMAC-SHA1-96 |
IPSec supports communication to a unicast address (single device). |
Public key algorithm (and key length) | RSA (512 bits, 1024 bits, 2048 bits, 4096 bits) DSA (1024Bits, 2048Bits, 3072Bits) ECDSA (P256, P384, P521) |
Certificate signature algorithm | RSA: SHA-1*1, SHA-256, SHA-384*2, SHA-512*2 DSA: SHA-1*1 ECDSA: SHA-1*1, SHA-256, SHA-384, SHA-512 |
Certificate thumbprint algorithm | SHA1 |
Format | Key PKCS#12*1 CA certificate X.509 DER format/PEM format |
File extension | Key ".p12" or ".pfx" CA certificate ".cer" or ".pem" |
Public key algorithm (and key length) | RSA (512 bits, 1024 bits, 2048 bits, 4096 bits) DSA (1024 bits, 2048 bits, 3072 bits) ECDSA (P256, P384, P521) |
Certificate signature algorithm | RSA: SHA-1*2, SHA-256, SHA-384*3, SHA-512*3 DSA: SHA-1*2 ECDSA: SHA-1*2, SHA-256, SHA-384, SHA-512 |
Certificate thumbprint algorithm | SHA1 |
The machine does not support use of a certificate revocation list (CRL). |
Hash | MD4, MD5, SHA-1 |
HMAC | HMAC-MD5 |
Common key encryption | RC2, RC4, DES |
Public key encryption | RSA encryption (512 bits/1024 bits) RSA signature (512 bits/1024 bits) DSA (512 bits/1024 bits) DH (512 bits/1024 bits) |
Even when [Prohibit Weak Encryp. Key/Cert.] in [Encryption Settings] is set to [On], the hash algorithm SHA-1, which is used for signing a root certificate, can be used. |
Algorithm | TLS Version | |||
TLS 1.3 | TLS 1.2 | TLS 1.1 | TLS 1.0 | |
Encryption Algorithm | ||||
AES-CBC (256bit) | ||||
AES-CBC (128bit) | ||||
AES-GCM (256bit) | ||||
AES-GCM (128bit) | ||||
3DES-CBC | ||||
CHACHA20-POLY1305 | ||||
Key Exchange Algorithm | ||||
RSA | ||||
ECDHE | ||||
X25519 | ||||
Signature Algorithm | ||||
RSA | ||||
ECDSA | ||||
HMAC Algorithm | ||||
SHA1 | ||||
SHA256 | ||||
SHA384 |