2.2.5.8 Phase 2 - Perfect Forward Secrecy

Keys: Software\Policies\Microsoft\WindowsFirewall\Phase2CryptoSets\<wszSetId>.

Value: "PFS"

Type: REG_SZ.

Size: Equal to size of the Data field.

Data: this value is a Unicode string encoded using the following grammar rule:

 PFS_VAL = "Disable" / "EnableDHFromPhase1" / "ReKeyDH1" / "ReKeyDH2" / "ReKeyDH2048" 
 PFS_VAL =/ "ReKeyECDH256" / "ReKeyECDH384"

Disable: This token represents the FW_PHASE2_CRYPTO_PFS_DISABLE enumeration value as defined in [MS-FASP] section 2.2.72. The remaining token values in this list can be found in the same Protocol specification section.

EnableDHFromPhase1: This token represents the FW_PHASE2_CRYPTO_PFS_PHASE1 enumeration value.

ReKeyDH1: This token represents the FW_PHASE2_CRYPTO_PFS_DH1 enumeration value.

ReKeyDH2: This token represents the FW_PHASE2_CRYPTO_PFS_DH2 enumeration value.

ReKeyDH2048: This token represents the FW_PHASE2_CRYPTO_PFS_DH2048 enumeration value.

ReKeyECDH256: This token represents the FW_PHASE2_CRYPTO_PFS_ECDH256 enumeration value.

ReKeyECDH384: This token represents the FW_PHASE2_CRYPTO_PFS_ECDH384 enumeration value.

This value represents the Pfs field of the FW_CRYPTO_SET structure as defined in [MS-FASP] section 2.2.73.

Show: