[openssl-users] [openssl-dev] A question DH parameter generation and usage

Salz, Rich rsalz at akamai.com
Wed Dec 6 13:50:07 UTC 2017

You can re-use the keys, but then you get no forward secrecy, and sessions generated with one connection are vulnerable to another.

Why are you using DH?  Unless you have compelling reasons (interop with legacy), you really should use ECDHE.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20171206/5bbf7a50/attachment-0001.html>

More information about the openssl-users mailing list