<div dir="ltr">Hi Jakob and Paul,<div><br></div><div>Thank you so much for the reply. We have the RSA certificates. I wanted to understand how generally DH parameters are generated. Thanks for the detailed answers.</div><div><br></div><div>Regards</div><div>Jayalakshmi</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Dec 6, 2017 at 12:48 AM, Jakob Bohm <span dir="ltr"><<a href="mailto:jb-openssl@wisemo.com" target="_blank">jb-openssl@wisemo.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On 06/12/2017 07:02, Jayalakshmi bhat wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi,<br>
<br>
We are planning to use DHE_RSA TLS ciphers into our product. I have few questions on using DH parameter. We would like to use DH-2048.<br>
<br>
our product includes both TLS client and server applications. Thus any time there will be considerable number of active connectioons.<br>
<br>
I believe we can use same DH parameter for all the server connections. Is my understanding correct? Is there any risk in using same parameter for all the server connections.<br>
<br>
Another question is what is guidelines/document should be followed to derive DH parameter.<br>
<br>
Any input is appreciated.<br>
<br>
<br>
</blockquote></span>
In TLS and SSL 3 (current versions, not sure about GoogleTLS 1.3),<br>
DHE parameters are chosen exclusively by the server, so most rules<br>
will be about servers.<br>
<br>
Current best practice on clients is to reject parameters of less<br>
than 1000 bits, parameters with fewer bits than they pretend (e.g.<br>
parameters claiming to be 1024 bits, but the most significant 32<br>
bits are all 0, making them really less than 993 bits), parameters<br>
that are glaringly non-prime (e.g. even numbers) and parameters<br>
that cause the DHE calculation to result in an unreasonably number<br>
such as 1 (indicating rigged parameters). I hope that OpenSSL<br>
client code already does such checks by default, otherwise someone<br>
should point out how to make it do so.<br>
<br>
Current best practice on servers is to use DHE parameters such as<br>
those generated by openssl dhparam, or the equivalent API function.<br>
<br>
Current best practice on general purpose servers is to use at least<br>
2048 bit DH parameters except when talking to clients that can't do<br>
that, such as the TLS code in Oracle Java 6. Going above 2048 bits<br>
is good, but some common clients don't work significantly above<br>
that number (for example, some versions of the Mozilla NSS code<br>
have a built in maximum of 2236 bits).<br>
<br>
Current best practice on servers is to use DHE parameters that are<br>
used by few other servers, at least in a given timespan. Thus for<br>
servers that will be deployed in small numbers, just generate your<br>
own parameters at build time using<br>
openssl dhparam -C xxxx > dhxxxx.inc<br>
then include dhxxxx.inc in your source code. For servers that will<br>
be deployed in large numbers, load the dh parameters from files in<br>
the format generated by<br>
openssl dhparam xxxx > dhxxxx.pem<br>
and include scripts or other code that will replace the file<br>
contents daily or weekly (overwriting the old parameters only after<br>
the new ones are ready). The exim mail server does this if you<br>
follow the instructions.<br>
<br>
Enjoy<br>
<br>
Jakob<span class="HOEnZb"><font color="#888888"><br>
-- <br>
Jakob Bohm, CIO, Partner, WiseMo A/S. <a href="https://www.wisemo.com" rel="noreferrer" target="_blank">https://www.wisemo.com</a><br>
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10<br>
This public discussion message is non-binding and may contain errors.<br>
WiseMo - Remote Service Management for PCs, Phones and Embedded<br>
<br>
-- <br>
openssl-users mailing list<br>
To unsubscribe: <a href="https://mta.openssl.org/mailman/listinfo/openssl-users" rel="noreferrer" target="_blank">https://mta.openssl.org/mailma<wbr>n/listinfo/openssl-users</a><br>
</font></span></blockquote></div><br></div>