Algorithm	Operation	Status	Alternative	QCR¹	Mitigation
DES	Encryption	Avoid	AES	—	—
3DES	Encryption	Legacy	AES	—	Short key lifetime
RC4	Encryption	Avoid	AES	—	—
AES-CBC-128	Encryption	Acceptable	AES-GCM-256	—	—
AES-CBC-192	Encryption	Acceptable	AES-GCM-256	—	—
AES-CBC-256	Encryption	Acceptable	AES-GCM-256	✓	—
AES-GCM-128	Authenticated encryption³	NGE²	—	—	—
AES-GCM-256	Authenticated encryption	NGE	—	✓	—
DH-768 (Group 1)	Key exchange	Avoid	DH-3072 (Group 15)	—	—
RSA-768	Encryption	Avoid	RSA-3072	—	—
DSA-768	Authentication	Avoid	DSA-3072	—	—
DH-1024 (Group 2)	Key exchange	Avoid	DH-3072 (Group 15)	—	—
RSA-1024	Encryption	Avoid	RSA-3072	—	—
DSA-1024	Authentication	Avoid	DSA-3072	—	—
DH-2048 (Group 14)	Key exchange	Acceptable	ECDH-256 (Group 19)	—	—
RSA-2048	Encryption	Acceptable	—	—	—
DSA-2048	Authentication	Acceptable	ECDSA-256	—	—
DH-3072 (Group 15)	Key exchange	Acceptable	ECDH-256 (Group 19)	—	—
RSA-3072	Encryption	Acceptable	—	—	—
DSA-3072	Authentication	Acceptable	ECDSA-256	—	—
MD5	Integrity	Avoid	SHA-256	—	—
SHA-1	Integrity	Legacy	SHA-256	—	—
SHA-256	Integrity	NGE	SHA-384	—	—
SHA-384	Integrity	NGE	—	✓	—
SHA-512	Integrity	NGE	—	✓	—
HMAC-MD5	Integrity	Legacy	HMAC-SHA-256	—	Short key lifetime
HMAC-SHA-1	Integrity	Acceptable	HMAC-SHA-256	—	—
HMAC-SHA-256	Integrity	NGE	—	✓	—
ECDH-256 (Group 19)	Key exchange	Acceptable	ECDH-384 (Group 20)	—	—
ECDSA-256	Authentication	Acceptable	ECDSA-384	—	—
ECDH-384 (Group 20)	Key exchange	NGE	—	—	—
ECDSA-384	Authentication	NGE	—	—	—

1. QCR = quantum computer resistant.

2. NGE = next generation encryption.

3. Provides both encryption and authentication in one.

Algorithms by Operation

Key exchange

Algorithm	Operation	Status	Alternative	QCR	Mitigation	IOS command⁴	ASA command⁵
DH-768 (Group 1)	Key exchange	Avoid	DH-3072 (Group 15)	—	—	group 1	group 1
DH-1024 (Group 2)	Key exchange	Avoid	DH-3072 (Group 15)	—	—	group 2	group 2
DH-1536 (Group 5)	Key exchange	—	ECDH-256 (Group 19)	—	—	group 5	group 5
DH-2048 (Group 14)	Key exchange	Acceptable	ECDH-256 (Group 19)	—	—	group 14	group 14
DH-3072 (Group 15)	Key exchange	Acceptable	ECDH-256 (Group 19)	—	—	group 15	—
DH-4096 (Group 16)	Key exchange	—	ECDH-256 (Group 19)	—	—	group 16	—
DH-6144 (Group 17)	Key exchange	—	ECDH-256 (Group 19)	—	—	—	—
DH-8192 (Group 18)	Key exchange	—	ECDH-256 (Group 19)	—	—	—	—
ECDH-256 (Group 19)	Key exchange	Acceptable	ECDH-384 (Group 20)	—	—	group 19	group 19
ECDH-384 (Group 20)	Key exchange	NGE	—	—	—	group 20	group 20
ECDH-521 (Group 21)	Key exchange	—	—	—	—	group 21	group 21
DH-2048/224 (Group 23)	Key exchange	—	—	—	—	—	—
DH-2048/256 (Group 24)	Key exchange	—	—	—	—	group 24	group 24
NIST-EC224 (Group 26)	Key exchange	—	—	—	—	—	—
BP-EC224 (Group 27)	Key exchange	—	—	—	—	—	—
BP-EC256 (Group 28)	Key exchange	—	—	—	—	—	—
BP-EC384 (Group 29)	Key exchange	—	—	—	—	—	—
BP-EC512 (Group 30)	Key exchange	—	—	—	—	—	—

4. under crypto isakmp policy (IKE) or crypto ike2 proposal (IKEv2)

5. under crypto ikev2 policy (IKEv2)

Algorithm	Operation	Status	Alternative	QCR	Mitigation	IOS command⁶	IOS command⁷	ASA command⁸	ASA command⁹
Null	Encryption	Avoid	AES	—	—	—	esp-null	null	null
SEAL	Encryption	Avoid	AES	—	—	—	esp-seal	—	—
RC4	Encryption	Avoid	AES	—	—	—	—	—	—
RSA-768	Encryption	Avoid	RSA-3072	—	—	—	—	—	—
RSA-1024	Encryption	Avoid	RSA-3072	—	—	—	—	—	—
DES	Encryption	Avoid	AES	—	—	des	esp-des	des	des
3DES	Encryption	Legacy	AES	—	Short key lifetime	3des	esp-3des	3des	3des
RSA-2048	Encryption	Acceptable	—	—	—	—	—	—	—
RSA-3072	Encryption	Acceptable	—	—	—	—	—	—	—
AES-CBC-128	Encryption	Acceptable	AES-GCM-256	—	—	IKEv1: aes IKEv2: aes-cbc-128	esp-aes	aes	aes
AES-CBC-192	Encryption	Acceptable	AES-GCM-256	—	—	IKEv1: aes 192 IKEv2: aes-cbc-192	esp-aes 192	aes-192	aes-192
AES-CBC-256	Encryption	Acceptable	AES-GCM-256	✓	—	IKEv1: aes 256 IKEv2: aes-cbc-256	esp-aes 256	aes-256	aes-256
AES-GCM-128	Authenticated encryption	NGE	—	—	—	IKEv1: n/a IKEv2: aes-gcm-128	esp-gcm 128	aes-gcm	aes-gcm
AES-GCM-192	Authenticated encryption	NGE	—	—	—	—	—	aes-gcm-192	aes-gcm-192
AES-GCM-256	Authenticated encryption	NGE	—	✓	—	IKEv1: n/a IKEv2: aes-gcm-256	esp-gcm 256	aes-gcm-256	aes-gcm-256

6. under crypto isakmp policy (IKE) or crypto ike2 proposal (IKEv2)

7. in a crypto ipsec transform-set

8. under crypto ikev2 policy (IKEv2)

9. in a crypto ipsec ikev2 ipsec-proposal

Algorithm	Operation	Status	Alternative	QCR	Mitigation	IOS command¹⁰	IOS command¹¹	IOS command¹²
DSA-768	Authentication	Avoid	DSA-3072	—	—	—	—	—
DSA-1024	Authentication	Avoid	DSA-3072	—	—	—	—	—
MD5	Integrity	Avoid	SHA-256	—	—	—	—	—
SHA-1	Integrity	Legacy	SHA-256	—	—	—	—	—
HMAC-MD5	Integrity	Legacy	HMAC-SHA-256	—	Short key lifetime	IKEv1: hash md5 IKEv2: integrity md5 IKEv2: prf md5	esp-md5-hmac	ah-md5-hmac
DSA-2048	Authentication	Acceptable	ECDSA-256	—	—	—	—	—
DSA-3072	Authentication	Acceptable	ECDSA-256	—	—	—	—	—
HMAC-SHA-1	Integrity	Acceptable	HMAC-SHA-256	—	—	IKEv1: hash sha IKEv2: integrity sha1 IKEv2: prf sha1	esp-sha-hmac	ah-sha-hmac
SHA-256	Integrity	NGE	SHA-384	—	—	—	—	—
SHA-384	Integrity	NGE	—	✓	—	—	—	—
SHA-512	Integrity	NGE	—	✓	—	—	—	—
HMAC-SHA-256	Integrity	NGE	—	✓	—	IKEv1: hash sha256 IKEv2: integrity sha256 IKEv2: prf sha256	—	—
HMAC-SHA-384	Integrity	?	—	?	—	IKEv1: hash sha384 IKEv2: integrity sha384 IKEv2: prf sha384	—	—
HMAC-SHA-512	Integrity	?	—	?	—	IKEv1: n/a IKEv2: integrity sha512 IKEv2: prf sha512	—	—
ECDSA-384	Authentication	NGE	—	—	—	—	—	—
AES-GCM-128	Authenticated encryption	NGE	—	—	—	—	esp-gmac 128	—
AES-GCM-256	Authenticated encryption	NGE	—	✓	—	—	esp-gmac 256	—

10. under crypto isakmp policy (IKE) or crypto ike2 proposal (IKEv2)

11. in a crypto ipsec transform-set for ESP

12. in a crypto ipsec transform-set for AH

curve25519-sha256	SHOULD
curve448-sha512	MAY
diffie-hellman-group-exchange-sha1	SHOULD NOT
diffie-hellman-group-exchange-sha256	MAY
diffie-hellman-group1-sha1	SHOULD NOT
diffie-hellman-group14-sha1	SHOULD
diffie-hellman-group14-sha256	MUST
diffie-hellman-group15-sha512	MAY
diffie-hellman-group16-sha512	SHOULD
diffie-hellman-group17-sha512	MAY
diffie-hellman-group18-sha512	MAY
ecdh-sha2-nistp256	SHOULD
ecdh-sha2-nistp384	SHOULD
gss-gex-sha1-*	SHOULD NOT
gss-group1-sha1-*	SHOULD NOT
gss-group14-sha1-*	MAY
gss-group14-sha256-*	SHOULD
gss-group15-sha512-*	MAY
gss-group16-sha512-*	SHOULD
gss-group17-sha512-*	MAY
gss-group18-sha512-*	MAY
gss-nistp256-sha256-*	SHOULD
gss-nistp384-sha384-*	SHOULD
gss-nistp521-sha512-*	MAY
gss-curve25519-sha256-*	SHOULD
gss-curve448-sha512-*	MAY
rsa1024-sha1	MUST NOT
rsa2048-sha256	MAY

chacha20-poly1305@openssh.com

aes128-ctr

aes192-ctr

aes256-ctr

aes128-gcm@openssh.com

aes256-gcm@openssh.com

aes128-cbc

aes192-cbc

aes256-cbc

3des-cbc

hmac-sha1

hmac-sha1-96

hmac-sha2-256

hmac-sha2-512