2.2.5.28 Phase 2 - 2.16 Perfect Forward Secrecy
Keys: Software\Policies\Microsoft\WindowsFirewall\Phase2CryptoSets\<wszSetId>.
Value: "2_16PFS"
Type: REG_SZ.
Size: Equal to size of the Data field.
Data: This value is a Unicode string encoded using the following grammar rule:
-
PFS-VAL = "Disable" / "EnableDHFromPhase1" / "ReKeyDH1" / "ReKeyDH2" / "ReKeyDH2048" PFS-VAL =/ "ReKeyECDH256" / "ReKeyECDH384" / "ReKeyDH24"
Disable: This token represents the FW_PHASE2_CRYPTO_PFS_DISABLE enumeration value as defined in [MS-FASP] section 2.2.73. The remaining token values in this list can be found in the same protocol specification section.
EnableDHFromPhase1: This token represents the FW_PHASE2_CRYPTO_PFS_PHASE1 enumeration value.
ReKeyDH1: This token represents the FW_PHASE2_CRYPTO_PFS_DH1 enumeration value.
ReKeyDH2: This token represents the FW_PHASE2_CRYPTO_PFS_DH2 enumeration value.
ReKeyDH2048: This token represents the FW_PHASE2_CRYPTO_PFS_DH2048 enumeration value.
ReKeyECDH256: This token represents the FW_PHASE2_CRYPTO_PFS_ECDH256 enumeration value.
ReKeyECDH384: This token represents the FW_PHASE2_CRYPTO_PFS_ECDH384 enumeration value.
ReKeyDH24: This token represents the FW_PHASE2_CRYPTO_PFS_DH24 enumeration value.
This value represents the Pfs field of the FW_CRYPTO_SET structure as defined in [MS-FASP] section 2.2.74.