Do I need to periodically change the ssl_dhparam parameters in Nginx?
Do I need to periodically generate a new dhparams file for the ssl_dhparam directive for Nginx in order for PFS to work? I don’t understand the mechanism of how this all works, but for some reason it seems that if there is already some kind of thing that is generated, and completely independent of anything else (as opposed to the same certificates, HPKP keys, etc.) - it needs to be changed sometimes. Or not?
No need. These DH parameters are not secret, unlike keys. For the protocol, the main thing is that you set them so that they are not "vulnerable" (generated by leaky software). Well, they take a long time to generate, so it is difficult (and pointless) to generate them with each use.
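An added illustration of the mechanism (not part of the answer above, and not Nginx or OpenSSL code): the group `(p, g)` is found once by a slow search and can be public, while each handshake draws fresh ephemeral exponents, which is where forward secrecy comes from. The function names and the 256-bit toy group are assumptions made for this sketch.

```python
import secrets

def is_probable_prime(n, bases=(2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)):
    """Miller-Rabin with fixed bases (probabilistic for large n)."""
    if n < 2:
        return False
    for b in bases:                      # cheap trial division first
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                 # a is a witness: n is composite
    return True

def find_safe_prime(bits):
    """Slow step, done once: search for p = 2q + 1 with p and q both prime."""
    q = (1 << (bits - 2)) + 1
    while not (is_probable_prime(q) and is_probable_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1

def dhe_handshake(p, g):
    """One DHE exchange over the fixed public group (p, g)."""
    a = secrets.randbelow(p - 3) + 2     # server's ephemeral secret, discarded after use
    b = secrets.randbelow(p - 3) + 2     # client's ephemeral secret, discarded after use
    A, B = pow(g, a, p), pow(g, b, p)    # public values sent on the wire
    return pow(B, a, p), pow(A, b, p)    # (server's secret, client's secret)

# Constructed toy group: 256 bits, far too small for real TLS.
P, G = find_safe_prime(256), 2

if __name__ == "__main__":
    for n in (1, 2):
        s, c = dhe_handshake(P, G)
        print(f"handshake {n}: same group, sides agree={s == c}, secret={s:x}")
```

Both handshakes reuse the same `P` and `G`, yet each yields a different shared secret, so regenerating the group adds nothing to PFS as long as the group itself is sound.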