nginx and ephemeral Diffie-Hellman keys

Jauder Ho lists at
Sat Jun 14 01:13:37 MSD 2008

Patch applied and testing now.

>From reading the patch, it looks like the key is generated once. I did 
some more digging and reference

Key should be changed out every so often.

  - o Diffie-Hellman-Parameters for temporary keys are hardcoded in
  -   ssl_engine_dh.c, while the comment in ssl_engine_kernel.c says:
  -   "it is suggested that keys be changed daily or every 500
  -    transactions, and more often if possible."

Igor Sysoev wrote:

> Here is updated patch.

Posted via

More information about the nginx mailing list