DHE生成方法
cd /etc/ssl/certs openssl dhparam -out dhparam.pem 4096
Nginx使用:
ssl_dhparam /etc/ssl/certs/dhparam.pem;
Apache使用:
#apache 2.4.8 /openssl 1.0.2 之后才支持 DHParams SSLOpenSSLConfCmd DHParameters "/etc/ssl/certs/dhparams.pem"
已生成好的 4096
-----BEGIN DH PARAMETERS-----
MIIBCAKCAQEA7pAQUDrg6zCPUe7isOvWGL+1Sgqf1lM2LPa+Q3CuURiLQcA0lRMA
RRKgQ3AaetA/GQUOQtZMlVhWKgtph9wtWwlmco1DGBRaGPppGXDbJXPdj33XDS7u
J8F3/dboE86WxhgLZVXXxf29KcYc8MpvZIbvUG1WcYHFQoc9zIkMkSkOUkZHt1ei
NSrSKspI9s86aG0WFZwRLcMmLlPXgjRGThHh9SBNPUtrEVQ72CjRGN+IAMyzxO06
DxMkEgkIQV8pmXt7yS6Q/X/8B7ez2iJjlj489L4+1sF95fw+Mm36ttgXZByPq6K/
T4WerKWsdAg6rXaaymCfekym6CZR4xGxqwIBAg==
-----END DH PARAMETERS-----
Copyright © 1998 - Gworg, Inc. All Rights Reserved. 江苏光网数字认证有限公司版权所有
苏ICP备15058404号 苏公网安备32058202010008号