nginx and ephemeral Diffie-Hellman keys

Jauder Ho lists at
Fri Jun 13 15:52:35 MSD 2008


Thanks much! I just applied the patch (to 0.7.1) and tried it out. The 
patch works as expected and supports both strong prime and DSA style DH 

For the record, the DH keys were generated with the following commands 
(with the dsaparam being more efficient but less secure. see dhparam man 

  openssl dhparam -out dh1024.pem -5 1024
  openssl dhparam -dsaparam -out dh1024dsa.pem -5 1024


Igor Sysoev wrote:

> nginx does not support DH keys.
> The attached patch adds ssl_dhparam directive:
>       ssl_dhparam   /path/to/PEM_DHparam;

Posted via

More information about the nginx mailing list