Hi, There was a reason custom DH parameters were removed. Custom DH parameters were the source of plenty of problems.
I suggest reading: https://blog.hboeck.de/archives/841-Diffie-Hellman-and-TLS-with-nonsense-parameters.html https://eprint.iacr.org/2016/644 https://www.openssl.org/news/secadv/20160128.txt There's also a more general theme I think what we have learned over time: Moving parts in crypto protocols are bad, simplicity is good. Fix as much as you can, avoid negotiating stuff. This is not talked about that much explicitly, but it is a major change of how crypto protocols were designed in the past (i.e. TLS 1.2 times) where it was often considered desirable to add as much flexibility as possible. (Also FWIW the relevance of DH is pretty small these days. I think the largest web clients simply don't support it at all.) -- Hanno Böck https://hboeck.de/ _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
