perfect-forward-secrecy (Services)
Syntax
perfect-forward-secrecy {
keys (group1 | group2 |group5 |group14 |group15 | group16 | group24);
}
Description
Define Perfect Forward Secrecy (PFS). Creates single-use keys. This statement is optional.
Options
keys—Type of Diffie-Hellman prime modulus group that IKE uses when performing the new Diffie-Hellman exchange. The key can be one of the following:
| group1 | 768-bit. |
| group2 | 1024-bit. |
| group5 | 1536-bit. |
| group14 | 2048-bit. |
| group15 | 3072-bit. |
| group16 | 4096-bit. |
| group24 | 2048-bit with 256-bit Prime Order Subgroup. |
Required Privilege Level
admin—To view this statement in the configuration.
admin-control—To add this statement to the configuration.
Release Information
Statement introduced before Junos OS Release 7.4.
group15, group16, and group24 options
added in Junos OS Release 17.4R1.