(Sorry, got stuck in my outbox and I didn't notice for a while) > From: owner-openssl-us...@openssl.org On Behalf Of Marco Bambini > Sent: Monday, September 22, 2014 02:44
> Thanks a lot for the explanation, so instead of generating new parameters on > the fly I could just create them once and then load on requests via the > SSL_CTX_set_tmp_dh_callback? > > Like in the example listed on: > https://www.openssl.org/docs/ssl/SSL_CTX_set_tmp_dh_callback.html > If you generate one set of parameters you can just set them in set_tmp_dh, which is specified on the same manpage and is just called before connecting. The _callback variant is only needed if you want to select different parameters for different connections. That example is to support old "export" ciphersuites where you are/were required to use DH-512 because of legal restrictions that no longer apply since about 1999. You should never use export suites unless you are dealing with very old systems that cannot be upgraded, in which case it's probably a waste to bother with DHE at all. Even though OpenSSL does still permit them by default (although based on discussions here that will probably change in the next release or two). > Should I provide just 4 files: dh512.pem, dh1024.pem, dh2048.pem, and > dh4096.pem? > You should use any DH group of size 512 (the supplied file or one you generate) only if required for export suites (see above). 512 is now practical to break. 1024 is adequate for now, although >=2048 provides a better safety margin and is specified by standards like NIST SP800-57. However, you should test with your clients first; the SSL implementation (JSSE) in Sun-now-Oracle Java before v8 does not support DH > 1024, and there may be others. If you use 1024 now, you should have a plan to switch to 2048 or maybe more in a few years. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
