ssl_dhparam compatibility issues?

Julien Vehent julien at linuxwall.info
Sat May 23 15:25:26 UTC 2015


On 2015-05-23 11:19, Grant wrote:
> I'm using Mozilla's "Old backward compatibility" ssl_ciphers so I 
> feel
> good about my compatibility there, but does the following open me up
> to potential compatibility problems:
>
> # openssl dhparam -out dhparams.pem 2048

DHE params larger than 1024 bits are not compatible with java 6/7 
clients.
If you need compatibility with those clients, use a DHE of 1024 bits, 
or disable DHE entirely.

- Julien



More information about the nginx mailing list