The key exchange produces two values: a shared secret K, and an exchange hash H. Encryption and authentication keys are derived from these. The exchange hash H from the first key exchange is additionally used as the session identifier, which is a unique identifier for this connection. It is used by authentication methods as a part of the data that is signed as a proof of possession of a private key. Once computed, the session identifier is not changed, even if keys are later reexchanged.

Cipher Name (modes)      Estimated Security Strength
3des (cbc)               112 bits
aes128 (cbc, ctr, gcm)   128 bits
aes192 (cbc, ctr, gcm)   192 bits
aes256 (cbc, ctr, gcm)   256 bits

Hash Name   Estimated Security Strength
sha1        80 bits (before attacks)
sha256      128 bits
sha384      192 bits
sha512      256 bits

Curve Name   Estimated Security Strength
nistp256     128 bits
nistp384     192 bits
nistp521     512 bits
curve25519   128 bits
curve448     224 bits

Prime Field Size   Estimated Security Strength   Example MODP Group
2048-bit           112 bits                      group14
3072-bit           128 bits                      group15
4096-bit           152 bits                      group16
6144-bit           176 bits                      group17
8192-bit           200 bits                      group18

Key Exchange Method   Estimated Security Strength
rsa1024-sha1          80 bits
rsa2048-sha256        112 bits

This process will lose entropy if the amount of entropy in K is larger than the internal state size of HASH.
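
The derivation this sentence refers to is not reproduced on this page; the following added example (not text from the RFC) implements the key derivation of RFC 4253, Section 7.2, from K, H and the session identifier, and shows the identifier staying fixed across a rekey. The `Session` class, `install_keys`, the `KEYS` table and its sizes (chosen for aes256-ctr with hmac-sha2-512) are assumptions made for illustration, and the sample K and H values are constructed.

```python
import hashlib
import struct

# Assumed negotiated sizes (aes256-ctr + hmac-sha2-512): letter -> (name, bytes)
KEYS = {b"A": ("iv_c2s", 16), b"B": ("iv_s2c", 16),
        b"C": ("enc_c2s", 32), b"D": ("enc_s2c", 32),
        b"E": ("mac_c2s", 64), b"F": ("mac_s2c", 64)}

def mpint(n: int) -> bytes:
    """SSH mpint encoding (RFC 4251) of a non-negative integer."""
    if n == 0:
        return b"\x00\x00\x00\x00"
    body = n.to_bytes(n.bit_length() // 8 + 1, "big")  # spare top bit keeps it positive
    return struct.pack(">I", len(body)) + body

def derive_key(hash_name, K, H, letter, session_id, length):
    """K1 = HASH(K || H || letter || session_id); Kn = HASH(K || H || K1..K(n-1))."""
    prefix = mpint(K) + H
    key = hashlib.new(hash_name, prefix + letter + session_id).digest()
    while len(key) < length:
        # Stretching feeds only earlier output back in, so a long key never
        # holds more entropy than HASH can carry out of K.
        key += hashlib.new(hash_name, prefix + key).digest()
    return key[:length]

class Session:
    """Hypothetical holder for the per-connection state described above."""
    def __init__(self, hash_name):
        self.hash_name = hash_name
        self.session_id = None

    def install_keys(self, K, H):
        if self.session_id is None:      # set by the first key exchange only
            self.session_id = H
        return {name: derive_key(self.hash_name, K, H, letter, self.session_id, size)
                for letter, (name, size) in KEYS.items()}

if __name__ == "__main__":
    # Constructed sample values, not output of a real key exchange.
    s = Session("sha256")
    first = s.install_keys(2**255 - 19, hashlib.sha256(b"constructed H #1").digest())
    rekey = s.install_keys(2**254 + 7, hashlib.sha256(b"constructed H #2").digest())
    print(s.session_id.hex(), first["enc_c2s"] != rekey["enc_c2s"])
```

With sha256 as HASH, the 64-byte integrity key is K1 || K2, which is why pairing a small hash with a large K or a long key gains nothing beyond what HASH passes through.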

Key Exchange Method Name  Guidance
curve25519-sha256
gss-curve25519-sha256-*

Key Exchange Method Name  Guidance
curve448-sha512
gss-curve448-sha512-*

Key Exchange Method Name  Guidance
ecdh-sha2-*
ecdh-sha2-nistp256
gss-nistp256-sha256-*
ecdh-sha2-nistp384
gss-nistp384-sha384-*
ecdh-sha2-nistp521
gss-nistp521-sha512-*
ecmqv-sha2

Key Exchange Method Name  Guidance
diffie-hellman-group-exchange-sha1
diffie-hellman-group-exchange-sha256

Key Exchange Method Name  Guidance
diffie-hellman-group14-sha256
gss-group14-sha256-*
diffie-hellman-group15-sha512
gss-group15-sha512-*
diffie-hellman-group16-sha512
gss-group16-sha512-*
diffie-hellman-group17-sha512
gss-group17-sha512-*
diffie-hellman-group18-sha512
gss-group18-sha512-*

Key Exchange Method Name  Guidance
rsa1024-sha1
rsa2048-sha256

Key Exchange Method Name  Reference  Previous Recommendation  RFC 9142 Implement
curve25519-sha256  none
curve448-sha512  none
diffie-hellman-group-exchange-sha1  none
diffie-hellman-group-exchange-sha256  none
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group14-sha256  none
diffie-hellman-group15-sha512  none
diffie-hellman-group16-sha512  none
diffie-hellman-group17-sha512  none
diffie-hellman-group18-sha512  none
ecdh-sha2-*
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
ecmqv-sha2
ext-info-c
ext-info-s
gss  reserved  reserved
gss-curve25519-sha256-*
gss-curve448-sha512-*
gss-gex-sha1-*
gss-group1-sha1-*
gss-group14-sha1-*
gss-group14-sha256-*
gss-group15-sha512-*
gss-group16-sha512-*
gss-group17-sha512-*
gss-group18-sha512-*
gss-nistp256-sha256-*
gss-nistp384-sha384-*
gss-nistp521-sha512-*
rsa1024-sha1
rsa2048-sha256

OK to Implement guidance entries for registrations that predate [RFC9142] are found in Table 12 in Section 4 of [RFC9142].