AWS Site-to-Site VPN now supports additional encryption, integrity and key exchange algorithms

Posted on: Aug 20, 2020

You can now use additional encryption, integrity, and key exchange algorithms for your VPN connections. These algorithms provide stronger protection for your data, higher performance for faster transfer rates, and help meet compliance requirements. They are available as tunnel options for new and existing VPN connections and can be configured through the AWS Management Console, the AWS Cloud Development Kit (CDK), or the AWS Command Line Interface (CLI). The algorithms listed below give customers more flexibility to choose configurations that best suit their security, performance, and compliance requirements.

Encryption: AES128-GCM-16, AES256-GCM-16.
Integrity: SHA2-384, SHA2-512.
Diffie-Hellman groups: 19, 20, 21.

You can enable these algorithms for your VPN connections through the tunnel options when creating or modifying your connection. For more information about AWS Site-to-Site VPN and these options, see the product page.
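As an added example (not AWS's own code or documentation), the POSIX shell script below builds the `--tunnel-options` JSON that the `aws ec2 modify-vpn-tunnel-options` command accepts, restricting both IKE phases of a tunnel to the algorithms announced above, and includes a small allow-list check so that a proposal still containing a weaker option is rejected before it is applied. `VPN_ID` and `TUNNEL_IP` are placeholders, not real identifiers; the algorithm names and DH group numbers are the ones listed on this page.

```shell
#!/bin/sh
# Added example, not AWS's code. Builds a tunnel-options document that limits
# an AWS Site-to-Site VPN tunnel to the algorithms announced above.
# VPN_ID and TUNNEL_IP below are placeholders, not real identifiers.

# Allowed sets, taken from the announcement. Strongest option listed first.
ALLOWED_ENC="AES256-GCM-16 AES128-GCM-16"
ALLOWED_INTEG="SHA2-512 SHA2-384"
ALLOWED_DH="21 20 19"

# Turn a space-separated list into a JSON array of {"Value":...} objects.
# Purely numeric entries (DH group numbers) are emitted unquoted, names quoted.
json_values() {
  out=""
  for v in $1; do
    case "$v" in
      ''|*[!0-9]*) item="{\"Value\":\"$v\"}" ;;
      *)           item="{\"Value\":$v}" ;;
    esac
    out="${out}${out:+,}${item}"
  done
  printf '[%s]' "$out"
}

# Return 0 only if every entry of $1 appears in the allow list $2.
# Used to refuse a proposal that still carries an algorithm outside the set.
check_allowed() {
  for v in $1; do
    found=0
    for a in $2; do
      [ "$v" = "$a" ] && found=1
    done
    [ "$found" -eq 1 ] || return 1
  done
  return 0
}

# Compose the full tunnel-options JSON. Phase 1 and Phase 2 receive the same
# sets so that neither phase can negotiate anything outside the allow lists.
tunnel_options() {
  enc=$(json_values "$ALLOWED_ENC")
  integ=$(json_values "$ALLOWED_INTEG")
  dh=$(json_values "$ALLOWED_DH")
  printf '{"Phase1EncryptionAlgorithms":%s,"Phase2EncryptionAlgorithms":%s,"Phase1IntegrityAlgorithms":%s,"Phase2IntegrityAlgorithms":%s,"Phase1DHGroupNumbers":%s,"Phase2DHGroupNumbers":%s}' \
    "$enc" "$enc" "$integ" "$integ" "$dh" "$dh"
}

# Apply the options to one tunnel of a connection. Each tunnel is addressed by
# its outside IP address, so run this once per tunnel. Not invoked automatically.
apply_tunnel_options() {
  VPN_ID="vpn-PLACEHOLDER"        # placeholder connection id
  TUNNEL_IP="203.0.113.10"        # placeholder tunnel outside IP (TEST-NET-3)
  aws ec2 modify-vpn-tunnel-options \
    --vpn-connection-id "$VPN_ID" \
    --vpn-tunnel-outside-ip-address "$TUNNEL_IP" \
    --tunnel-options "$(tunnel_options)"
}
```

After the change, `aws ec2 describe-vpn-connections` shows the configured proposal sets under each tunnel's options, which is the place to confirm that no broader default set remains on the other tunnel of the connection.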

These algorithms are now available in the following AWS Regions: US East (N. Virginia), US East (Ohio), US West (Oregon), US West (N. California), EU (Ireland), EU (Frankfurt), EU (London), EU (Paris), EU (Stockholm), Asia Pacific (Singapore), Asia Pacific (Hong Kong), Asia Pacific (Tokyo), Asia Pacific (Sydney), Asia Pacific (Seoul), Asia Pacific (Mumbai), Middle East (Bahrain), Africa (Cape Town), South America (Sao Paulo), Canada (Central), and AWS GovCloud (US) Regions.