nginx and ephemeral Diffie-Hellman keys

Jauder Ho lists at ruby-forum.com
Sat Jun 14 01:13:37 MSD 2008


Patch applied and testing now.

From reading the patch, it looks like the key is generated once. I did 
some more digging and reference 
http://mail-archives.apache.org/mod_mbox/httpd-cvs/200205.mbox/%3C20020530181716.22766.qmail@icarus.apache.org%3E

Key should be changed out every so often.

  - o Diffie-Hellman-Parameters for temporary keys are hardcoded in
  -   ssl_engine_dh.c, while the comment in ssl_engine_kernel.c says:
  -   "it is suggested that keys be changed daily or every 500
  -    transactions, and more often if possible."




Igor Sysoev wrote:

> 
> Here is updated patch.

-- 
Posted via http://www.ruby-forum.com/.
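
The rotation rule quoted in the message above (replace the temporary key daily or every 500 transactions), as an added example that is not part of the original post or of the nginx patch. `eph_key_slot`, the `gen`/`release` hooks and the `demo_*` helpers are hypothetical names, and the dummy key generator is constructed for illustration.

```c
#include <stddef.h>
#include <time.h>
#define EPH_MAX_AGE_SECS (24 * 60 * 60) /* mod_ssl comment: "changed daily" */
#define EPH_MAX_USES 500                /* "or every 500 transactions" */

typedef struct {
    void *key;               /* current ephemeral key; NULL before first use */
    time_t created;          /* when the current key was generated */
    unsigned long uses, rotations;
    void *(*gen)(void);      /* hypothetical keygen hook; returns NULL on failure */
    void (*release)(void *); /* hypothetical hook that wipes and frees a key */
} eph_key_slot;

/* 1 if the key must be replaced before the next handshake. */
static int eph_key_expired(const eph_key_slot *s, time_t now)
{
    return s->key == NULL || now < s->created /* no key, or clock stepped back */
        || now - s->created >= EPH_MAX_AGE_SECS || s->uses >= EPH_MAX_USES;
}

/* Key for one handshake. Fails closed: NULL if a due rotation cannot be done. */
static void *eph_key_acquire(eph_key_slot *s, time_t now)
{
    if (eph_key_expired(s, now)) {
        void *fresh = s->gen();
        if (fresh == NULL) return NULL;
        if (s->key != NULL && s->release != NULL) s->release(s->key);
        s->key = fresh;
        s->created = now;
        s->uses = 0;
        s->rotations++;
    }
    s->uses++;
    return s->key;
}

/* Constructed stand-in for real key generation: hands out 8 dummy keys. */
static int demo_keys[8], demo_next;
static void *demo_keygen(void) { return demo_next < 8 ? &demo_keys[demo_next++] : NULL; }

/* Runs n handshakes spaced `step` seconds apart; returns keys generated. */
static unsigned long demo_rotations(unsigned long n, time_t step)
{
    eph_key_slot s = { .gen = demo_keygen };
    time_t now = 1000000;
    demo_next = 0;
    for (unsigned long i = 0; i < n && eph_key_acquire(&s, now) != NULL; i++)
        now += step;
    return s.rotations;
}
```

A multi-worker server would need one slot per worker or a lock around `eph_key_acquire`, since the use counter and the key swap are not atomic here.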




