Dialog Box: Add or Edit Security Method
Updated: January 20, 2009
Applies To: Windows 7, Windows Server 2008 R2
Use this dialog box to configure a security method offer that is available when negotiating main mode security associations. You must specify the integrity, encryption, and key exchange algorithm.
How to get to this dialog box
On the Windows Firewall with Advanced Security MMC snap-in page, in Overview, click Windows Firewall Properties.
Click the IPsec Settings tab.
Under IPsec defaults, click Customize.
Under Key exchange (Main Mode), select Advanced, and then click Customize.
Under Security methods, select an algorithm combination from the list, and click Edit or Add.
Integrity algorithm
Select one of the following integrity algorithms from the list.
SHA-384
SHA-256
SHA-1
MD5
Warning
MD5 is no longer considered secure and should only be used for testing purposes or in cases in which the remote computer cannot use a more secure algorithm. It is included for backward compatibility only.
Encryption algorithm
Select one of the following encryption algorithms from the list.
AES-CBC 256
AES-CBC-192
AES-CBC-128
3DES
DES
Warning
DES is no longer considered secure and should only be used for testing purposes or in cases in which the remote computer cannot use a more secure algorithm. It is included for backward compatibility only.
Key exchange algorithm
Select one of the following key exchange algorithms from the list.
Elliptic Curve Diffie-Hellman P-384
Elliptic Curve Diffie-Hellman P-256
Diffie-Hellman Group 14
Diffie-Hellman Group 2
Diffie-Hellman Group 1
Warning
DH1 is no longer considered secure and should only be used for testing purposes or in cases in which the remote computer cannot use a more secure algorithm. It is included for backward compatibility only.
For more information about any of these algorithms, see IPsec Algorithms and Methods Supported in Windows 129230 (https://go.microsoft.com/fwlink/?linkid=129230).