It was decided from experiences at LinkedIn that DHE was unstable and/or causing problems in general. It was deemed an incompatible change that should not have happened in the 5.x cycle, so we restored defaults to a state as it was in 5.1. I'll let Thomas and Brian give more details on the issues with DHE.
You can still use DHE but you would have to move the params into a file and explicitly tell ATS to use those params. -- Leif > On Apr 1, 2015, at 4:04 AM, Reindl Harald <[email protected]> wrote: > > Hi > > why are DHE ciphers no longer available after update to 5.2.1? > > the crtificate files are PEM with > > * intermediate CA > * private key > * certificate > * ec params > * dh params > > in a single file which is supported for a long time by httpd and worked with > the previous ATS release too (which introduced DHE at all) >
