nginx and ephemeral Diffie-Hellman keys
Jauder Ho
lists at ruby-forum.com
Sat Jun 14 01:13:37 MSD 2008
Patch applied and testing now.
>From reading the patch, it looks like the key is generated once. I did
some more digging and reference
http://mail-archives.apache.org/mod_mbox/httpd-cvs/200205.mbox/%3C20020530181716.22766.qmail@icarus.apache.org%3E
Key should be changed out every so often.
- o Diffie-Hellman-Parameters for temporary keys are hardcoded in
- ssl_engine_dh.c, while the comment in ssl_engine_kernel.c says:
- "it is suggested that keys be changed daily or every 500
- transactions, and more often if possible."
Igor Sysoev wrote:
>
> Here is updated patch.
--
Posted via http://www.ruby-forum.com/.
More information about the nginx
mailing list