ssl_dhparam compatibility issues?
julien at linuxwall.info
Sat May 23 15:25:26 UTC 2015
On 2015-05-23 11:19, Grant wrote:
> I'm using Mozilla's "Old backward compatibility" ssl_ciphers so I
> good about my compatibility there, but does the following open me up
> to potential compatibility problems:
> # openssl dhparam -out dhparams.pem 2048
DHE params larger than 1024 bits are not compatible with java 6/7
If you need compatibility with those clients, use a DHE of 1024 bits,
or disable DHE entirely.
More information about the nginx