Diffie-Hellman (DH) is a public-key cryptography protocol that allows two devices to establish a shared secret over an unsecure communications channel (like ISAKMP for IPSec)
DH consists of the following options:
- D-H Group 1 — 768-bit DH Group.
- D-H Group 2 — 1024-bit DH Group. This group provides more security than group 1, but requires more processing time.
- D-H Group 5 — 1536-bit DH Group. This group provides more security than group 2, but requires more processing time.
- Diffie-Hellman Key Agreement Method - RFC 2631
- Additional Diffie-Hellman Groups for Use with IETF Standards - RFC 5114