IPsec Algorithms and Methods Supported in Windows
Updated: January 2009
Applies To: Windows Server 2008, Windows Vista
The following tables identify the key exchange protocols, integrity and encryption algorithms, and authentication methods included in versions of the Windows operating system.
- An “X” indicates the table entry can be configured by using the Windows Firewall with Advanced Security MMC snap-in or the Netsh command-line tool.
- An “O” indicates the table entry can be configured only by using the Netsh command-line tool.
| Caution |
|---|
| The Diffie-Hellman Group 1 key exchange protocol, the Message-Digest algorithm 5 (MD5) integrity algorithm, the Data Encryption Standard (DES) encryption algorithm, and the preshared key authentication method are included for backward compatibility only. We do not recommend that you use them in a production environment. |
Key exchange protocols
| Netsh abbreviation | Windows 2000 | Windows XP and Windows Server 2003 | Windows Vista | Windows Vista SP1 and Windows Server 2008 | Windows Server 2008 R2 and Windows 7 |
|---|---|---|---|---|---|
| dhgroup1 | X | X | X | X | X |
| dhgroup2 | X | X | X | X | X |
| dhgroup14 | | X | X | X | X |
| ecdhp256 | | | | O | X |
| ecdhp384 | | | | O | X |
Integrity algorithms
| Integrity algorithm | Netsh abbreviation | Windows 2000 | Windows XP and Windows Server 2003 | Windows Vista | Windows Vista SP1 and Windows Server 2008 | Windows Server 2008 R2 and Windows 7 |
|---|---|---|---|---|---|---|
| | md5 | X | X | X | X | X |
| | sha1 | X | X | X | X | X |
| Secure Hash Algorithm 256-bit (main mode only) | sha256 | | | | O | X |
| | sha384 | | | | O | X |
| Advanced Encryption Standard-Galois Message Authentication Code (AES-GMAC) 128-bit (quick mode only) | aesgmac128 | | | | O | X |
| AES-GMAC 192-bit (quick mode only) | aesgmac192 | | | | O | X |
| AES-GMAC 256-bit (quick mode only) | aesgmac256 | | | | O | X |
| Advanced Encryption Standard in Galois/Counter Mode (AES-GCM) 128-bit (quick mode only) | aesgcm128 | | | | O | X |
| AES-GCM 192-bit (quick mode only) | aesgcm192 | | | | O | X |
| AES-GCM 256-bit (quick mode only) | aesgcm256 | | | | O | X |
Encryption algorithms
| Encryption algorithm | Netsh abbreviation | Windows 2000 | Windows XP and Windows Server 2003 | Windows Vista | Windows Vista SP1 and Windows Server 2008 | Windows Server 2008 R2 and Windows 7 |
|---|---|---|---|---|---|---|
| | des | X | X | X | X | X |
| | 3des | X | X | X | X | X |
| Advanced Encryption Standard-Cipher Block Chaining (AES-CBC) 128-bit | aes128 | | | | O | X |
| | aes192 | | | | O | X |
| | aes256 | | | | O | X |
| AES-GCM 128-bit (quick mode only) | aesgcm128 | | | | O | X |
| AES-GCM 192 (quick mode only) | aesgcm192 | | | | O | X |
| AES-GCM 256 (quick mode only) | aesgcm256 | | | | O | X |
Authentication methods
| Authentication method | Netsh abbreviation | Windows 2000 | Windows XP and Windows Server 2003 | Windows Vista | Windows Vista SP1 and Windows Server 2008 | Windows Server 2008 R2 and Windows 7 |
|---|---|---|---|---|---|---|
| | computerpsk | X | X | X | X | X |
| | computerkerb | X | X | X | X | X |
| | computercert | X | X | X | X | X |
| | computerntlm | | | X | X | X |
| | userkerb | | | X | X | X |
| | userntlm | | | X | X | X |
| | usercert | | | X | X | X |
| Computer certificate with Elliptic Curve Digital Signature Algorithm (ECDSA)-P256 signing | computercertecdsap256 | | | | O | X |
| | computercertecdsap384 | | | | O | X |
| | usercertecdsap256 | | | | O | X |
| | usercertecdsap384 | | | | O | X |
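
The caution and the mode restrictions in the tables above can be checked mechanically against a main-mode proposal list. The following is an added example, not code from the original page or from Microsoft; it assumes the comma-separated `keyexch:enc-integrity` proposal format of Netsh's `mmsecmethods` setting, which the page does not show, and the function name `audit_main_mode` is hypothetical.

```python
# Added example, not from the original page: audit main-mode proposals.
# Abbreviations and mode restrictions are taken from the page's tables.
KEY_EXCHANGE = {"dhgroup1", "dhgroup2", "dhgroup14", "ecdhp256", "ecdhp384"}
ENCRYPTION = {"des", "3des", "aes128", "aes192", "aes256"}
INTEGRITY = {"md5", "sha1", "sha256", "sha384"}
# Marked "quick mode only" on the page, so invalid in a main-mode proposal.
QUICK_MODE_ONLY = {f"{alg}{bits}" for alg in ("aesgmac", "aesgcm")
                   for bits in (128, 192, 256)}
# Named in the page's caution as backward compatibility only.
LEGACY = {"dhgroup1", "des", "md5"}


def audit_main_mode(proposals):
    """Return (proposal, token, problem) findings for a proposal list.

    Assumed format: comma-separated "keyexch:enc-integrity" items.
    """
    findings = []
    for proposal in (p.strip().lower() for p in proposals.split(",")):
        if not proposal:
            continue
        keyexch, colon, suite = proposal.partition(":")
        enc, dash, integrity = suite.partition("-")
        if not (colon and dash and keyexch and enc and integrity):
            findings.append((proposal, proposal, "malformed"))
            continue
        slots = ((keyexch, KEY_EXCHANGE), (enc, ENCRYPTION),
                 (integrity, INTEGRITY))
        for token, allowed in slots:
            if token in QUICK_MODE_ONLY:
                findings.append((proposal, token, "quick-mode-only"))
            elif token not in allowed:
                findings.append((proposal, token, "unknown"))
            elif token in LEGACY:
                findings.append((proposal, token, "legacy"))
    return findings


if __name__ == "__main__":
    # Constructed sample proposal list, not taken from a real system.
    sample = ("dhgroup14:aes256-sha256, dhgroup2:3des-sha1, "
              "dhgroup1:des-md5, ecdhp256:aesgcm128-sha384")
    for proposal, token, problem in audit_main_mode(sample):
        print(f"{proposal}: {token} is {problem}")
```

The preshared key method (computerpsk) named in the same caution is an authentication setting rather than part of a main-mode proposal, so this check does not cover it.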
