How to specify Custom DH parameters

Solution Unverified - Updated -

Environment

  • Red Hat Enterprise Linux 6x 7x
  • httpd
  • mod_ssl
  • openssl

Issue

  • How to specify Custom DH parameters

Resolution

To specify custom DH parameters, generate them, append them to the certificate file, and restart httpd:

# openssl dhparam -out dhparams_2048.pem 2048
# cat dhparams_2048.pem >> /path/to/your/certfile.crt
# service httpd restart

With the log level set to debug in /etc/httpd/conf.d/ssl.conf, httpd logs the following message once the parameters are loaded:

[Mon Jun 01 14:50:59 2015] [debug] ssl_engine_init.c(987): Custom DH parameters (2048 bits) for 127.0.0.1:443 loaded from /path/to/your/certfile.crt
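
The append step above uses `>>`, so running it a second time adds a second DH PARAMETERS block to the certificate file. The following is an added example, not part of the original article: a shell wrapper that appends the parameters only once and keeps a backup, plus a helper that reports the parameter size for comparison with the debug log line. The function names are hypothetical and both file paths are supplied by the caller.

```shell
#!/bin/sh
# Added example (not from the original article). Function names are
# hypothetical; pass your own parameter and certificate file paths.
# Usage: append_dh_once dhparams_2048.pem /path/to/your/certfile.crt

DH_BEGIN='-----BEGIN DH PARAMETERS-----'
DH_END='-----END DH PARAMETERS-----'

# Print how many DH PARAMETERS blocks a PEM file contains (marker count only,
# the block contents are not validated here).
count_dh_blocks() {
    grep -c -e "$DH_BEGIN" "$1" || true
}

# Print the size in bits of the first DH block in a file, as reported by
# openssl. Prints nothing if there is no parsable DH block.
dh_bits() {
    sed -n "/$DH_BEGIN/,/$DH_END/p" "$1" |
        openssl dhparam -noout -text 2>/dev/null |
        sed -n 's/.*(\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Append $1 (DH parameters) to $2 (certificate file) unless $2 already
# contains a DH block. Returns 0 = appended, 1 = already present, 2 = bad input.
append_dh_once() {
    params=$1; cert=$2
    [ -r "$params" ] && [ -w "$cert" ] || return 2
    [ "$(count_dh_blocks "$params")" -eq 1 ] || return 2
    if [ "$(count_dh_blocks "$cert")" -gt 0 ]; then
        echo "DH parameters already present in $cert; not appending" >&2
        return 1
    fi
    # Keep the original certificate file so the change can be rolled back.
    cp -p "$cert" "$cert.bak" || return 2
    # Make sure the last existing line is newline-terminated before appending,
    # otherwise the BEGIN marker would be glued to the previous line.
    [ -z "$(tail -c 1 "$cert")" ] || echo >> "$cert"
    cat "$params" >> "$cert"
}
```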
