book cover

OpenSSL Cookbook  3rd Edition

The definitive guide to using the OpenSSL command line for configuration and testing. Topics covered in this book include key and certificate management, server configuration, a step by step guide to creating a private CA, and testing of online services. Written by Ivan Ristić.

1.3.6 Generating DH Parameters

The DH key exchange has fallen out of fashion, but you may still want to support it in your servers on philosophical grounds. If you do, you may find with some server software (e.g., Nginx) that you need to manually configure the desired DH parameters. This is how:

$ openssl dhparam -out dh-2048.pem 2048

In practice, only 2,048-bit DH parameters make sense. Anything less is going to be weak or insecure, while anything more is going to slow you down. DH parameters need not be secret. In fact, there are some predefined groups (sometimes called well-known groups) that are recommended because they are known to have been securely generated.1

Rarely, you may encounter a situation, usually in a legacy environment, in which you need to configure a server with 1,024-bit DH parameters. It’s essential that you don’t use a well-known group in this case. The issue is that weak DH groups are susceptible to precomputation attacks, which further downgrade their security. If you really must use a 1,024-bit DH parameters, always generate your own unique group using OpenSSL.

< Prev
^ Table of Contents
Next >