...
Diffie-Hellman Group | Name | Reference |
---|---|---|
Group 1 | 768 bits MODP group | RFC 2409 |
Group 2 | 1024 bits MODP group | RFC 2409 |
Group 3 | EC2N group on GP(2^155) | RFC 2409 |
Group 4 | EC2N group on GP(2^185) | RFC 2409 |
Group 5 | 1536 bits MODP group | RFC 3526 |
Group 14 | 2048 bits MODP group | RFC 3526 |
Group 15 | 3072 bits MODP group | RFC 3526 |
Group 16 | 4096 bits MODP group | RFC 3526 |
Group 17 | 6144 bits MODP group | RFC 3526 |
Group 18 | 8192 bits MODP group | RFC 3526 |
Group 19 | 256 bits random ECP group | RFC 5903 |
Group 20 | 384 bits random ECP group | RFC 5903 |
Group 21 | 521 bits random ECP group | RFC 5903 |
...
For optimal security, it's advisable to use DH Group 14 or higher if your router can handle the CPU load. DH Group 19 is considered fast and secure. However, if you're concerned about CPU performance and believe that DH Group 14 might put a heavy load on your router, DH Group 5 can be a reasonable compromise between security and performance. DH Group 2 should generally be avoided unless you have legacy devices that require it.
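The guidance above can be turned into a configuration check. The following is an added example, not code from the original page: it rates every group a proposal offers and reports the weakest one, since a peer may select any offered group. The `proposal ... dh-groups ...` line format and the sample input are constructed, and rating Groups 1, 3 and 4 as "avoid" is an assumption, because the text only names Group 2.

```python
import re

# Group number -> (family, size in bits), copied from the table above.
DH_GROUPS = {
    1: ("MODP", 768), 2: ("MODP", 1024), 3: ("EC2N", 155), 4: ("EC2N", 185),
    5: ("MODP", 1536), 14: ("MODP", 2048), 15: ("MODP", 3072),
    16: ("MODP", 4096), 17: ("MODP", 6144), 18: ("MODP", 8192),
    19: ("ECP", 256), 20: ("ECP", 384), 21: ("ECP", 521),
}
ORDER = ["recommended", "compromise", "avoid", "unknown"]  # best to worst

# Hypothetical line format: "proposal <name> dh-groups <n>[,<n>...]"
LINE = re.compile(r"^\s*proposal\s+(\S+)\s+dh-groups\s+(\d+(?:\s*,\s*\d+)*)\s*$")

def rate(group):
    """Rate one DH group number using the guidance in the text."""
    if group not in DH_GROUPS:
        return "unknown"        # not in the table above
    if group >= 14:
        return "recommended"    # "Group 14 or higher"
    if group == 5:
        return "compromise"     # security/performance trade-off
    return "avoid"              # Group 2 per the text; 1, 3, 4 by assumption

def audit(config_text):
    """Return {proposal: (worst rating, groups that earned it)}."""
    findings = {}
    for line in config_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        groups = [int(g) for g in m.group(2).split(",")]
        ratings = {g: rate(g) for g in groups}
        # The peer may pick any offered group, so the weakest one decides.
        worst = max(ratings.values(), key=ORDER.index)
        culprits = sorted(g for g in groups if ratings[g] == worst)
        findings[m.group(1)] = (worst, [] if worst == "recommended" else culprits)
    return findings

# Constructed sample input, not taken from any real device.
SAMPLE = """\
proposal branch-a dh-groups 14
proposal branch-b dh-groups 19,14,2
proposal legacy dh-groups 5
proposal odd dh-groups 14, 24
"""

print(audit(SAMPLE))
```
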
...