VPN Key Exchange Enhancements in iOS 9.3, OS X 10.11.4 and Server 5.1
iOS 9.3, OS X 10.11.4 and Server 5.1 add support for new Diffie-Hellman key exchange groups to enhance the security of VPN connections.
These releases add support for Diffie-Hellman (DH) Group 14 and 5 to L2TP over IPSec, and Diffie-Hellman Group 14 to Cisco IPSec. The new supported key exchange proposals are:
DH Group | 14 | 14 | 14 | 14 | 5 | 5 | 5 |
Encryption algorithm | AES256 | AES256 | AES256 | AES256 | AES256 | AES256 | AES256 |
Hash algorithm | SHA256 | SHA1 | MD5 | SHA512 | SHA256 | SHA1 | MD5 |
Previous versions of iOS, OS X and Server supported DH Group 2 (only) for L2TP over IPSec. Previous versions of iOS also supported DH group 5 and 2 for Cisco IPSec, with DH group 2 for aggressive mode.
DH Group 2 is still supported but it has the lowest priority when finding a proposal match. Both L2TP over IPSec and Cisco IPsec now support DH Groups 14, 5, 2, in that order of preference. For aggressive mode, the VPN client will try first with DH Group 14; if it fails, it will try again with DH Group 2. Apple recommends using Group 14 or Group 5 since they provide stronger security than Group 2, which may be vulnerable to compromise.