How to specify Custom DH parameters
Environment
- Red Hat Enterprise Linux 6x 7x
- httpd
- mod_ssl
- openssl
Issue
- How to specify Custom DH parameters
Resolution
We can specify Custom DH parameters with the following steps.
# openssl dhparam -out dhparams_2048.pem 2048
# cat dhparams_2048.pem >> /path/to/your/certfile.crt
# service httpd restart
You can see the following message if you set the log level to debug in /etc/httpd/conf.d/ssl.conf.
[Mon Jun 01 14:50:59 2015] [debug] ssl_engine_init.c(987): Custom DH parameters (2048 bits) for 127.0.0.1:443 loaded from /path/to/your/certfile.crt
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Comments