1.2.3 Use a Strong Key Exchange
In recent years, the DHE key exchange fell out of fashion; many modern clients no longer support it. As a result, there is only one widely supported secure option for the key exchange, and that's ECDHE. Although DHE suites do have some issues, they are not likely to be a problem in practice if used only as fallback. You shouldn't use the RSA key exchange (not to be confused with RSA keys) because in that case you lose forward security.
For key exchange to be secure, ECDHE and DHE have to be used with secure parameters. For ECDHE, the parameters are called named curves, and only two are practical: X25519 and P-256 (also known as secp256r1). For DHE (if using), use 2,048-bit parameters. Some server software provides secure DHE parameters out of the box; with others, you'll have to provide your own.
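The following is an added example (not from the original guide) showing how to express this policy with Python's OpenSSL-backed `ssl` module and verify the outcome: ECDHE suites first, DHE only as fallback, and the RSA key exchange excluded with OpenSSL's `!kRSA` keyword. The cipher string and the optional DH-parameter path are assumptions for the example.

```python
"""Added example: build and audit a TLS server context whose key exchange
follows the guide (ECDHE first, DHE only as fallback, no RSA key exchange)."""
import ssl

# OpenSSL cipher string expressing the policy (an assumption of this example).
# "kRSA" is OpenSSL's keyword for the RSA key-exchange method, not for RSA
# certificates, so "!kRSA" removes exactly the suites that lack forward
# secrecy while keeping ECDHE-RSA and DHE-RSA suites.
FORWARD_SECRECY_POLICY = "ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:!aNULL:!kRSA"


def build_context(cipher_string, dh_params_path=None):
    """Server context restricted to TLS 1.2+ and the given cipher string.

    dh_params_path is an optional PEM file of 2,048-bit DH parameters
    (e.g. from `openssl dhparam 2048`); without it the server cannot complete
    a DHE handshake. The curve list is left at OpenSSL's default, which in
    OpenSSL 1.1.1 and later already prefers X25519 and then P-256 (prime256v1).
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(cipher_string)
    if dh_params_path:
        ctx.load_dh_params(dh_params_path)
    return ctx


def key_exchange_of(cipher):
    """Key-exchange method of one dict returned by SSLContext.get_ciphers().

    The 'description' field is OpenSSL's textual form, e.g.
    'ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD';
    TLS 1.3 suites report Kx=any because groups are negotiated separately.
    """
    for token in cipher["description"].split():
        if token.startswith("Kx="):
            return token[3:]
    return "unknown"


def audit(ctx):
    """Map each key-exchange method to the enabled suites using it, in preference order."""
    summary = {}
    for cipher in ctx.get_ciphers():
        summary.setdefault(key_exchange_of(cipher), []).append(cipher["name"])
    return summary


def first_tls12_suite(ctx):
    """Name of the most-preferred TLS 1.2 suite (TLS 1.3 suites are listed first)."""
    for cipher in ctx.get_ciphers():
        if cipher["protocol"] == "TLSv1.2":
            return cipher["name"]
    return None


if __name__ == "__main__":
    for kx, names in audit(build_context(FORWARD_SECRECY_POLICY)).items():
        print(f"{kx}: {len(names)} suites, e.g. {names[0]}")
```

Running the audit against a context built with OpenSSL's plain `DEFAULT` string shows `Kx=RSA` suites still present, which is what the `!kRSA` term removes.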