[openssl-users] [openssl-dev] A question DH parameter generation and usage
Salz, Rich
rsalz at akamai.com
Wed Dec 6 13:50:07 UTC 2017
You can re-use the keys, but then you get no forward secrecy, and sessions generated with one connection are vulnerable to another.
Why are you using DH? Unless you have compelling reasons (interop with legacy), you really should use ECDHE.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20171206/5bbf7a50/attachment-0001.html>
More information about the openssl-users
mailing list