ssl_dhparam compatibility issues?
Julien Vehent
julien at linuxwall.info
Sat May 23 15:25:26 UTC 2015
On 2015-05-23 11:19, Grant wrote:
> I'm using Mozilla's "Old backward compatibility" ssl_ciphers so I
> feel
> good about my compatibility there, but does the following open me up
> to potential compatibility problems:
>
> # openssl dhparam -out dhparams.pem 2048
DHE params larger than 1024 bits are not compatible with java 6/7
clients.
If you need compatibility with those clients, use a DHE of 1024 bits,
or disable DHE entirely.
- Julien
More information about the nginx
mailing list