ssl_dhparam with Wildcard SSL

Thomas Ward teward at thomas-ward.net
Fri Mar 20 00:29:03 UTC 2020


The dhparam file cam be whichever you want it to be **provided that**
you configure it per server block.

Refer to the config documentation -
http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_dhparam - and
the 'context' being 'http' or 'server' - you can define different
dhparam files for each server block.  This said, if you don't define
this each server, it'll disable DHE ciphers (but not ECDHE ciphers).


Thomas


On 3/19/20 10:42 AM, q1548 wrote:
> Hello Maxim, 
>
> Thanks for your helps. "http level...", Oh, not just a hardware server,
> several different dedicated servers.
>
> When wildcard SSL is used, the CRT file and the KEY file should be the same
> in each hardware server, I just want to know, can each server use its
> private dhparam file or must I use the same dhparam file? thank you very
> much.
>
> Posted at Nginx Forum: https://forum.nginx.org/read.php?2,287383,287385#msg-287385
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20200319/1357c454/attachment-0001.htm>


More information about the nginx mailing list