The Solaris 10 5/09 release introduces the following algorithms for IPsec and IKE:
Three larger Diffie-Hellman integer-modulus groups including 2048-bit, 3072-bit, and 4096-bit – The larger Diffie-Hellman groups are available in IKE Phase 1 and Phase 2. The groups are specified by group number 14 for 2048-bit, 15 for 3072-bit, and 16 for 4096-bit, per RFC 3526.
SHA-2 series of hashes including sha256, sha384, and sha512– SHA-2 using HMAC is available for IPsec's Authentication Header (AH) and ESP, and for IKE during its interactions. SHA-2 is used in IPsec per RFC 4868, with truncated ICV lengths of 16 bytes for SHA256, 24 bytes for SHA384, and 32 bytes for SHA512.
SHA-2 is not available for certificates generated with ikecert(1M).