ssl_dhparam and recommended-private-length

timo2 nginx-forum at
Mon Jan 3 11:57:05 MSK 2011


Nginx offers a possibility to import DH parameters (prime p and
generator g) from external file. The parameters (p and g) have to be
generated with "openssl dpharam." In the default setting, openssl
calculates strong primes and uses either 2 or 5 as generator. The
private exponent in modular exponentiation is then very long, its bit
representation is comparable in length to the prime modulus, e.g. 2047
bits with 2048 bits long modulus. However, there is an extra option in
openssl dhparam to generate DSA type parameters for Diffie-Hellman key
exchange. The main advantage is that the recommended exponent length is
much shorter, e.g. 224 or 256 bits with 2048 bits long modulus. The
length of the exponent has direct impact on computational complexity
because it determines the number of multiplications and squarings in
modular exponentiation. For example, one could go down from 2048
multiplications and squarings to 256 or 224.

At the moment, nginx passes only p and g parameters to SSL. It would be
nice to pass also the recommended exponent length to openssl via
dh->length provided that the recommended-private-length is present in
pem file. For the recommended-private-length parameter to be present in
PEM file, the DH parameters have to be generated with "openssl dhparam

Posted at Nginx Forum:,163037,163037#msg-163037

More information about the nginx mailing list