nginx and ephemeral Diffie-Hellman keys
Igor Sysoev
is at rambler-co.ru
Fri Jun 13 18:06:37 MSD 2008
On Fri, Jun 13, 2008 at 01:52:35PM +0200, Jauder Ho wrote:
> Thanks much! I just applied the patch (to 0.7.1) and tried it out. The
> patch works as expected and supports both strong prime and DSA style DH
> keys.
>
> For the record, the DH keys were generated with the following commands
> (with the dsaparam being more efficient but less secure; see the dhparam
> man page).
>
> openssl dhparam -out dh1024.pem -5 1024
> openssl dhparam -dsaparam -out dh1024dsa.pem -5 1024
I'm going to use some hardcoded pregenerated DH parameters (as Apache does)
and allow overriding them using the ssl_dhparam directive.
> Igor Sysoev wrote:
>
> >
> > nginx does not support DH keys.
> > The attached patch adds ssl_dhparam directive:
> >
> > ssl_dhparam /path/to/PEM_DHparam;
--
Igor Sysoev
http://sysoev.ru/en/
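
The thread distinguishes "strong prime" DH parameters from "DSA style" ones. The following is an added example, not code from the thread or from nginx: a check that reads a PEM DH parameters file of the kind passed to ssl_dhparam and reports the modulus size and whether p is a safe prime (p = 2q + 1 with q prime). It assumes the PKCS#3 layout SEQUENCE { INTEGER p, INTEGER g }; the function names and the two toy samples are constructed for illustration.

```python
import base64
import random

# Constructed toy samples, illustration only: p=23,g=5 (safe prime); p=29,g=16 (order-7 subgroup).
SAFE_PRIME_PEM = "-----BEGIN DH PARAMETERS-----\nMAYCARcCAQU=\n-----END DH PARAMETERS-----\n"
DSA_STYLE_PEM = "-----BEGIN DH PARAMETERS-----\nMAYCAR0CARA=\n-----END DH PARAMETERS-----\n"

def read_tlv(buf, pos):
    """Read one definite-length DER element; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def parse_dhparams(pem):
    """Return (p, g) from a PEM DH parameters block: SEQUENCE { INTEGER p, INTEGER g }."""
    body = "".join(l.strip() for l in pem.splitlines() if "-----" not in l)
    tag, seq, _ = read_tlv(base64.b64decode(body), 0)
    p_tag, p_raw, pos = read_tlv(seq, 0)
    g_tag, g_raw, _ = read_tlv(seq, pos)
    if (tag, p_tag, g_tag) != (0x30, 0x02, 0x02):
        raise ValueError("not a DH parameters structure")
    return int.from_bytes(p_raw, "big"), int.from_bytes(g_raw, "big")

def is_probable_prime(n, rounds=40):
    """Miller-Rabin probabilistic primality test."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # this base proves n composite
    return True

def classify(pem):
    """Report modulus size, generator, and whether p is a safe prime (p = 2q + 1, q prime)."""
    p, g = parse_dhparams(pem)
    safe = is_probable_prime(p) and is_probable_prime((p - 1) // 2)
    return {"bits": p.bit_length(), "generator": g, "safe_prime": safe}
```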