You can re-use the keys, but then you get no forward secrecy, and sessions
generated with one connection are vulnerable to another.
Why are you using DH? Unless you have compelling reasons (interop with
legacy), you really should use ECDHE.
--
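The forward-secrecy point in the first message, as an added example that is not part of the original thread: a toy Diffie-Hellman exchange showing that one leaked, reused server key exposes every recorded session, while per-connection keys limit the exposure to a single session. The 31-bit group, the function names and all private values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy group (assumption for this example): 31-bit prime, far too small for real use. */
#define P 2147483647ULL /* 2^31 - 1 */
#define G 7ULL

/* Square-and-multiply; operands stay below 2^31, so products fit in 64 bits. */
static uint64_t modpow(uint64_t base, uint64_t exp, uint64_t mod) {
    uint64_t r = 1;
    base %= mod;
    while (exp) {
        if (exp & 1) r = r * base % mod;
        base = base * base % mod;
        exp >>= 1;
    }
    return r;
}

/* What a passive observer can record for each connection: both public values. */
struct transcript { uint64_t client_pub, server_pub; };

/* Run one handshake: fill in the transcript and return the shared secret. */
static uint64_t handshake(uint64_t client_priv, uint64_t server_priv, struct transcript *t) {
    t->client_pub = modpow(G, client_priv, P);
    t->server_pub = modpow(G, server_priv, P);
    return modpow(t->client_pub, server_priv, P);
}

/* Secret that a recorded transcript yields once a server private key is known. */
static uint64_t recover(const struct transcript *t, uint64_t leaked_server_priv) {
    return modpow(t->client_pub, leaked_server_priv, P);
}

/* How many of two recorded sessions does the key used in session 2 expose? */
static int sessions_exposed(int reuse_server_key) {
    uint64_t c1 = 123457, c2 = 987651;                      /* constructed client keys */
    uint64_t s1 = 424243, s2 = reuse_server_key ? s1 : 775807; /* constructed server keys */
    struct transcript t1, t2;
    uint64_t k1 = handshake(c1, s1, &t1);
    uint64_t k2 = handshake(c2, s2, &t2);
    return (recover(&t1, s2) == k1) + (recover(&t2, s2) == k2);
}

int main(void) {
    printf("reused server key: %d of 2 sessions exposed\n", sessions_exposed(1));
    printf("fresh key per connection: %d of 2 sessions exposed\n", sessions_exposed(0));
    return 0;
}
```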
For DHE_RSA, you first need an RSA certificate/key pair for signing. And if
you want to use specific DH parameters, you can use the SSL_CTX_set_tmp_dh API;
there is documentation describing how to use this function.
DH parameters could be generated by OpenSSL in many ways, one of the common