1

I generated DH parameters and set at server side. it always select cipher suite DHE_RSA? Is there any reason that DH parameter have to set server side only.

Ephemeral DH: what is changed P and g every session ? or private key ?

Devang Kubavat
  • 115
  • 2
  • 11
  • Your question could use some clarification. Are you talking about Diffie-Hellman for TLS? What do you want to know specifically about Diffie-Hellman? – Sjoerd Sep 16 '16 at 08:01
  • 1
    Another important question is, what server are you using? An even more important question, though: *WHY* do you want to use non-ephemeral DH? DHE is more secure for your users (it provides forward secrecy, ensuring safety even if the adversary records the communications and later steals your private key). If you're not using ephemeral key exchange, why bother with DH at all? RSA alone is capable of key exchange. – CBHacking Sep 16 '16 at 08:11
  • @Sjoerd: Yes I am talking about for TLS. I am confused about what is difference between DH and DHE.. means what parameter is changed in like p, g or other... I fixed p and g. is it mean that I am using fixed DH? – Devang Kubavat Sep 16 '16 at 08:25
  • p and g are the parameters of a group for DH; see http://security.stackexchange.com/questions/94390/whats-the-purpose-of-dh-parameters . A private key is often called x and the corresponding public key y. Ephemeral DH means x (and thus y) is generated separately for each operation (in TLS for each full handshake); non-ephemeral aka static aka fixed means x and y are kept the same for a substantial period like a week or a year. – dave_thompson_085 Nov 07 '16 at 12:04

1 Answers1

1

Fixed DH means a DH certificate. Nobody uses this. You want DHE with RSA certificate. Actually, you want ECDHE over NIST P-256 for compatibility and X25519 for security and performance with modern browsers. New versions of Google Chrome don't support DHE.

If you use DHE (which I think your server should support), your server should generate safe params with same bit size as the RSA key in the certificate (generally 2048 bits). With nginx, you should use openssl dhparam command to generate a file and ssl_dhparam nginx configuration statement to point to that file. Other web servers and TLS terminators have different methods of generating safe DH params of appropriate size.

Z.T.
  • 7,768
  • 1
  • 20
  • 35