[openssl-users] [openssl-dev] A question DH parameter generation and usage

[Salz, Rich]

You can re-use the keys, but then you get no forward secrecy, and sessions generated with one connection are vulnerable to another.

Why are you using DH?  Unless you have compelling reasons (interop with legacy), you really should use ECDHE.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20171206/5bbf7a50/attachment-0001.html>