Configuring Diffie-Hellman Key Exchange Parameters

We recommend using 2048-bit or stronger parameters for Diffie-Hellman key exchange. However, the default key size in OpenSSL is 1024 bits. To configure stronger Diffie-Hellman parameters:

  1. Create a 2048-bit Diffie-Hellman parameter file as follows:

    $ openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

  2. Modify the Nginx configuration file, for example with the vi editor:

    $ vi /etc/nginx/sites-available/sshmgr

    Add the following line with the path to the Diffie-Hellman parameter file to the Nginx configuration file:

    ssl_dhparam /etc/ssl/certs/dhparam.pem;

  3. Restart the Nginx web server service to apply the changes.

    # service nginx restart
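
A pre-restart check for the procedure above, added here as an example and not part of the original documentation: it confirms that the parameter file really is 2048 bits or larger, that the Nginx configuration file references it, and that `nginx -t` accepts the configuration. The function names, the `DH_FILE` and `NGINX_CONF` variables and the `--run` argument are this example's own; the paths are the ones used in steps 1 and 2.

```shell
#!/bin/sh
# Added example: verify the DH parameter size and Nginx config before restarting.
# Variable and function names are this example's own; the paths are the page's.
DH_FILE="${DH_FILE:-/etc/ssl/certs/dhparam.pem}"
NGINX_CONF="${NGINX_CONF:-/etc/nginx/sites-available/sshmgr}"
MIN_BITS=2048

# Read `openssl dhparam -text -noout` output on stdin; print the size in bits.
dh_bits_from_text() {
    sed -n 's/.*DH Parameters: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Succeed only if $1 is a number and at least MIN_BITS.
dh_bits_ok() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge "$MIN_BITS" ]
}

# Read an Nginx config on stdin; print each active (uncommented) ssl_dhparam path.
configured_dhparam() {
    sed -n -e 's/#.*//' \
        -e 's/^[[:space:]]*ssl_dhparam[[:space:]][[:space:]]*\([^;[:space:]]*\)[[:space:]]*;.*/\1/p'
}

# Run all three checks against the real files; non-zero exit means do not restart.
verify_dh_setup() {
    bits=$(openssl dhparam -in "$DH_FILE" -text -noout 2>/dev/null | dh_bits_from_text)
    if ! dh_bits_ok "$bits"; then
        echo "FAIL: $DH_FILE is ${bits:-unreadable} bits, need >= $MIN_BITS" >&2
        return 1
    fi
    if ! configured_dhparam < "$NGINX_CONF" | grep -qxF "$DH_FILE"; then
        echo "FAIL: $NGINX_CONF has no active 'ssl_dhparam $DH_FILE;' line" >&2
        return 1
    fi
    nginx -t || return 1    # syntax-check the whole configuration
    echo "OK: $bits-bit DH parameters configured"
}

# Only touch the real system when asked to, e.g. `sh check-dh.sh --run`.
if [ "${1:-}" = "--run" ]; then
    verify_dh_setup
fi
```

Run it as root with `--run` between steps 2 and 3, and restart Nginx only if it prints `OK`.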