[openssl-users] [openssl-dev] A question DH parameter generation and usage

Jayalakshmi bhat bhat.jayalakshmi at gmail.com
Wed Dec 6 18:04:53 UTC 2017

Hi Rich,

Thanks for the reply. We are planning to use  DHE_RSA based ciphers.


On Wed, Dec 6, 2017 at 7:20 PM, Salz, Rich via openssl-users <
openssl-users at openssl.org> wrote:

> You can re-use the keys, but then you get no forward secrecy, and sessions
> generated with one connection are vulnerable to another.
> Why are you using DH?  Unless you have compelling reasons (interop with
> legacy), you really should use ECDHE.
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20171206/340f71b9/attachment.html>

More information about the openssl-users mailing list