Hacker symbol

September 8, 2019 ~ 1 min read

Diffie–Hellman nginx


The Diffie-Hellman key exchange parameter in nginx usually a file named dhparams.pem that provides better security during the exchage of the ssl encryption keys. One can generate this file with the following command:

openssl dhparam -out dhparam.pem 4096

4096 bits is recommend to avoid the logjam attack: https://weakdh.org/. This file includes the prime p and the generator g. IT IS SAFE TO MAKE THIS FILE PUBLIC You can learn more here: https://www.youtube.com/watch?v=NmM9HA2MQGI


Sebastian Bolaños

Hi, I'm Sebastian. I'm a software developer from Costa Rica. You can follow me on Twitter. I enjoy working on distributed systems.