1.3.6 Generating DH Parameters
The DH key exchange has fallen out of fashion, but you may still want to support it in your servers on philosophical grounds. If you do, you may find with some server software (e.g., Nginx) that you need to manually configure the desired DH parameters. This is how:
$ openssl dhparam -out dh-2048.pem 2048
In practice, only 2,048-bit DH parameters make sense. Anything less is going to be weak or insecure, while anything more is going to slow you down. DH parameters need not be secret. In fact, there are some predefined groups (sometimes called well-known groups) that are recommended because they are known to have been securely generated.1
Rarely, you may encounter a situation, usually in a legacy environment, in which you need to configure a server with 1,024-bit DH parameters. It’s essential that you don’t use a well-known group in this case. The issue is that weak DH groups are susceptible to precomputation attacks, which further downgrade their security. If you really must use 1,024-bit DH parameters, always generate your own unique group using OpenSSL.
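The two checks the section asks for (is the group at least 2,048 bits, and is it a well-known group rather than one you generated yourself) can be automated against the PEM file that openssl dhparam writes. The script below is an added example, not code from the book or from OpenSSL: it parses the PKCS#3 "DH PARAMETERS" PEM structure (SEQUENCE of prime p and generator g) without any OpenSSL binding, reports the prime size, verifies with Miller-Rabin that p is a safe prime (p and (p-1)/2 both prime, which is what openssl dhparam produces), and compares p against a table of well-known primes. The function names and the MIN_BITS threshold are mine; the only well-known prime in the table is the RFC 2409 1,024-bit MODP group (group 2), which is a real published group, and the demo input it builds from that prime is constructed for illustration.

```python
"""Sanity-check DH parameters (PKCS#3 "DH PARAMETERS" PEM) before deploying them.

Added example, pure Python, no OpenSSL binding required.  The well-known-group
table holds only the RFC 2409 1024-bit MODP group; extend it for other groups.
"""
import base64
import random
import sys

# RFC 2409 "Second Oakley Group": the 1024-bit MODP prime (generator 2).
# This is exactly the kind of well-known 1,024-bit group the text warns against.
MODP_1024_P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 FFFFFFFF FFFFFFFF
""".split()), 16)

WELL_KNOWN_PRIMES = {MODP_1024_P: "RFC 2409 1024-bit MODP group 2"}
MIN_BITS = 2048  # the text's recommendation: nothing below 2,048 bits


def _der_len(n):
    """DER length encoding (short form below 128, long form otherwise)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _der_integer(n):
    """DER INTEGER; the extra byte keeps a high-bit-set value positive."""
    body = n.to_bytes((n.bit_length() + 8) // 8, "big")
    return b"\x02" + _der_len(len(body)) + body


def build_dh_params_pem(p, g):
    """Encode (p, g) the way `openssl dhparam` writes them (PKCS#3 PEM)."""
    body = _der_integer(p) + _der_integer(g)
    b64 = base64.b64encode(b"\x30" + _der_len(len(body)) + body).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN DH PARAMETERS-----\n" + "\n".join(lines) + "\n-----END DH PARAMETERS-----\n"


def _read_tlv(buf, pos):
    """Read one DER tag/length/value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the byte count of the length
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def parse_dh_params_pem(pem):
    """Return (p, g) from a PKCS#3 'DH PARAMETERS' PEM block."""
    lines = [line.strip() for line in pem.strip().splitlines()]
    if lines[0] != "-----BEGIN DH PARAMETERS-----" or lines[-1] != "-----END DH PARAMETERS-----":
        raise ValueError("not a DH PARAMETERS PEM block")
    der = base64.b64decode("".join(lines[1:-1]))
    tag, seq, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    tag_p, p_bytes, pos = _read_tlv(seq, 0)
    tag_g, g_bytes, _ = _read_tlv(seq, pos)
    if tag_p != 0x02 or tag_g != 0x02:
        raise ValueError("expected INTEGER prime and INTEGER generator")
    return int.from_bytes(p_bytes, "big"), int.from_bytes(g_bytes, "big")


def is_probable_prime(n, rounds=16):
    """Miller-Rabin with fixed-seed witnesses so results are reproducible."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    rng = random.Random(0)
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def assess_dh_params(pem):
    """Report size, safe-prime status and well-known-group membership."""
    p, g = parse_dh_params_pem(pem)
    bits = p.bit_length()
    safe = is_probable_prime(p) and is_probable_prime((p - 1) // 2)
    well_known = WELL_KNOWN_PRIMES.get(p)
    findings = []
    if bits < MIN_BITS:
        findings.append("too-short")
    if not safe:
        findings.append("not-a-safe-prime")
    if not 2 <= g <= p - 2:
        findings.append("generator-out-of-range")
    if well_known:
        findings.append("well-known-group")  # regenerate your own group instead
    return {"bits": bits, "generator": g, "safe_prime": safe,
            "well_known": well_known, "findings": findings}


if __name__ == "__main__":
    # Usage: python dhcheck.py dh-2048.pem ; with no argument, inspects a
    # constructed demo block built from the well-known 1024-bit group.
    pem = open(sys.argv[1]).read() if len(sys.argv) > 1 else build_dh_params_pem(MODP_1024_P, 2)
    for key, value in assess_dh_params(pem).items():
        print(f"{key}: {value}")
```

Run against the file from the command above (dh-2048.pem) the findings list should be empty; run with no argument it flags the constructed demo block as both too short and a well-known group, which is the combination the last paragraph says to avoid. The safe-prime test is a probabilistic check on the published prime, not a replacement for openssl dhparam -check, but it is cheap enough to put in a deployment pipeline.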