Use this dialog box to configure a security method offer that is available when negotiating main mode security associations. You must specify the integrity, encryption, and key exchange algorithm.

How to get to this dialog box
  1. On the Windows Firewall with Advanced Security MMC snap-in page, in Overview, click Windows Firewall Properties.

  2. Click the IPsec Settings tab.

  3. Under IPsec defaults, click Customize.

  4. Under Key exchange (Main Mode), select Advanced, and then click Customize.

  5. Under Security methods, select an algorithm combination from the list, and click Edit or Add.

Integrity algorithm

Select one of the following integrity algorithms from the list.

  • SHA-384

  • SHA-256

  • SHA-1

  • MD5

    Caution

    MD5 is no longer considered secure and should only be used for testing purposes or in cases in which the remote computer cannot use a more secure algorithm. It is included for backward compatibility only.

Encryption algorithm

Select one of the following encryption algorithms from the list.

  • AES-CBC 256

  • AES-CBC-192

  • AES-CBC-128

  • 3DES

  • DES

    Caution

    DES is no longer considered secure and should only be used for testing purposes or in cases in which the remote computer cannot use a more secure algorithm. It is included for backward compatibility only.

Key exchange algorithm

Select one of the following key exchange algorithms from the list.

  • Elliptic Curve Diffie-Hellman P-384

  • Elliptic Curve Diffie-Hellman P-256

  • Diffie-Hellman Group 14

  • Diffie-Hellman Group 2

  • Diffie-Hellman Group 1

    Caution

    DH1 is no longer considered secure and should only be used for testing purposes or in cases in which the remote computer cannot use a more secure algorithm. It is included for backward compatibility only.

For more information about any of these algorithms, see IPsec Algorithms and Methods Supported in Windows (http://go.microsoft.com/fwlink/?linkid=129230).

See Also