ssl_dhparam with Wildcard SSL
Maxim Dounin
mdounin at mdounin.ru
Thu Mar 19 13:25:17 UTC 2020
Hello!
On Thu, Mar 19, 2020 at 05:42:28AM -0400, q1548 wrote:
> I want to use a Wildcard SSL on several servers.
>
> "ssl_certificate" and "ssl_certificate_key" are same CRT file and KEY file,
> but for "ssl_dhparam", each server have its private dhparam file? or use the
> same dhparam file? please help, thanks.
You don't need to configure more than one dhparam file, one for
all servers as set on the http level is enough.
Moreover, you probably don't want to configure dhparam file at
all, keeping all DHE ciphers disabled, as it is by default. DHE
ciphers are very slow compared to ECDH ones, and most browsers
support ECDH nowadays.
--
Maxim Dounin
http://mdounin.ru/
More information about the nginx
mailing list