ISM-0998

AUTH_HMAC_SHA2_256_128, AUTH_HMAC_SHA2_384_192, AUTH_HMAC_SHA2_512_256 or NONE (only with AES-GCM) is used for authenticating IPsec connections, preferably NONE.

Topic: Integrity algorithms
Applicable to: all
Priority: recommended

History
Mar 2022
AUTH_HMAC_SHA2_256_128, AUTH_HMAC_SHA2_384_192, AUTH_HMAC_SHA2_512_256 or NONE (only with AES-GCM) is used for authenticating IPsec connections, preferably NONE.
The Internet Key Exchange version 1 (IKEv1) protocol was obsoleted by the IKE version 2 (IKEv2) protocol in December 2005. Since IKEv2 has now been widely adopted, and in doing so addresses various problems with IKEv1, approval for the use of IKEv1 as part of Internet Protocol security implementations has been rescinded.
2015
Agencies must use HMAC-SHA256, HMAC-SHA384 or HMAC-SHA512 as a HMAC algorithm.
2010
It is recommended agencies use HMAC-SHA-1-96 as the HMAC algorithm.