While researching how to deploy TLS for web servers most securely, I have learned that using custom DH parameters is one of the key aspects.
Now I am in the process of deploying IKE / IPSEC. As far as I have understood, IKEv1 as well as IKEv2 only support standard DH parameters which are denoted by standardized group names.
Does that mean that I cannot use my own custom DH parameters for IKEv1/2 (as generated by openssl dhparam
)?