ssl_dhparam with Wildcard SSL

Thomas Ward teward at
Fri Mar 20 00:29:03 UTC 2020

The dhparam file cam be whichever you want it to be **provided that**
you configure it per server block.

Refer to the config documentation - - and
the 'context' being 'http' or 'server' - you can define different
dhparam files for each server block.  This said, if you don't define
this each server, it'll disable DHE ciphers (but not ECDHE ciphers).


On 3/19/20 10:42 AM, q1548 wrote:
> Hello Maxim, 
> Thanks for your helps. "http level...", Oh, not just a hardware server,
> several different dedicated servers.
> When wildcard SSL is used, the CRT file and the KEY file should be the same
> in each hardware server, I just want to know, can each server use its
> private dhparam file or must I use the same dhparam file? thank you very
> much.
> Posted at Nginx Forum:,287383,287385#msg-287385
> _______________________________________________
> nginx mailing list
> nginx at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the nginx mailing list