For DHE_RSA, you first need a pair of RSA certificate/key for signing. And you if want to use specific DH parameters, you can use the SSL_CTX_set_tmp_dh API, there is documentation describing how to use this function.
DH parameter could be generated by OpenSSL in many ways, one of the common way is by using the openssl-dhparam command line tool. Check the -help option of that command. BTW: seems this email should be sent to openssl-users list only... > On 6 Dec 2017, at 14:02, Jayalakshmi bhat <bhat.jayalaks...@gmail.com> wrote: > > Hi, > > We are planning to use DHE_RSA TLS ciphers into our product. I have few > questions on using DH parameter. We would like to use DH-2048. > > our product includes both TLS client and server applications. Thus any time > there will be considerable number of active connectioons. > > I believe we can use same DH parameter for all the server connections. Is my > understanding correct? Is there any risk in using same parameter for all the > server connections. > > Another question is what is guidelines/document should be followed to derive > DH parameter. > > Any input is appreciated. > > Thanks and Regards > Jayalakshmi. > -- > openssl-dev mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
signature.asc
Description: Message signed with OpenPGP
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
