VPN Key Exchange Enhancements in iOS 9.3, OS X 10.11.4 and Server 5.1

iOS 9.3, OS X 10.11.4 and Server 5.1 add support for new Diffie-Hellman key exchange groups to enhance the security of VPN connections.

This article has been archived and is no longer updated by Apple.

These releases add support for Diffie-Hellman (DH) Group 14 and 5 to L2TP over IPSec, and Diffie-Hellman Group 14 to Cisco IPSec. The new supported key exchange proposals are:

DH Group 14 14 14 14 5 5 5
Encryption algorithm AES256 AES256 AES256 AES256 AES256 AES256 AES256
Hash algorithm SHA256 SHA1 MD5 SHA512 SHA256 SHA1 MD5

Previous versions of iOS, OS X and Server supported DH Group 2 (only) for L2TP over IPSec. Previous versions of iOS also supported DH group 5 and 2 for Cisco IPSec, with DH group 2 for aggressive mode.

DH Group 2 is still supported but it has the lowest priority when finding a proposal match. Both L2TP over IPSec and Cisco IPsec now support DH Groups 14, 5, 2, in that order of preference. For aggressive mode, the VPN client will try first with DH Group 14; if it fails, it will try again with DH Group 2. Apple recommends using Group 14 or Group 5 since they provide stronger security than Group 2, which may be vulnerable to compromise.

Published Date: