alexlemann closed 9 years ago
@kmtracey
Hmm, that openssl dhparam command says when it starts "This is going to take a long time". Do we have any idea how long? I gather it is indeterminate but do we have some idea of realistically how long this will take? (I gave up my quick try after 12 minutes...)
Just took me an hour to run it with 4096
Only an hour?!
1024 is the minimum that modern browsers are supposed to support. Most recommendations seem to state that 2048 is sufficient.
On my laptop, it took 18 minutes for 4096 bits, but only 69 seconds for 2048. 69 seconds still seems a bit long, but acceptable for something that only has to be done once on a system.
caktus/margarita#62 is now tracking this.
run:
openssl dhparam -out dhparam.pem 4096
or maybe 2048?
and use it in nginx.conf:
ssl_dhparam /path/to/dhparam.pem;
See:
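Added example, not part of the issue or of the project's code: a check that the file named by each `ssl_dhparam` directive actually holds parameters of the intended size, so a 1024-bit file left over from a quick test is caught before deploy. The function names, the `read_file` callback and the 2048-bit floor are assumptions for illustration; the sample PEM is constructed in the code and is not a real DH prime.

```python
import base64
import re

MIN_BITS = 2048  # assumption: floor taken from the thread's "2048 is sufficient"

def _read_len(der, i):
    """Decode the DER length field at der[i]; return (length, index of content)."""
    if der[i] < 0x80:
        return der[i], i + 1
    n = der[i] & 0x7F
    if not 1 <= n <= 4:
        raise ValueError("unsupported DER length")
    return int.from_bytes(der[i + 1:i + 1 + n], "big"), i + 1 + n

def dh_prime_bits(pem_text):
    """Bit length of the prime p in a PEM 'DH PARAMETERS' (PKCS#3) block."""
    m = re.search(r"-----BEGIN DH PARAMETERS-----(.*?)-----END DH PARAMETERS-----",
                  pem_text, re.S)
    if not m:
        raise ValueError("no DH PARAMETERS block")
    der = base64.b64decode("".join(m.group(1).split()))
    if len(der) < 4 or der[0] != 0x30:            # outer SEQUENCE { p, g }
        raise ValueError("not a DER SEQUENCE")
    _, i = _read_len(der, 1)
    if i >= len(der) or der[i] != 0x02:           # first INTEGER is p
        raise ValueError("expected INTEGER p")
    plen, i = _read_len(der, i + 1)
    if i + plen > len(der):
        raise ValueError("truncated DER")
    return int.from_bytes(der[i:i + plen], "big").bit_length()

def audit(nginx_conf_text, read_file, min_bits=MIN_BITS):
    """[(path, bits, ok)] for each active (uncommented) ssl_dhparam directive."""
    paths = re.findall(r"^\s*ssl_dhparam\s+([^;\s]+)\s*;", nginx_conf_text, re.M)
    return [(p, b, b >= min_bits) for p in paths for b in [dh_prime_bits(read_file(p))]]

def _der(tag, body):
    """Minimal DER TLV encoder, used only to build the constructed sample."""
    n = len(body)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def constructed_pem(bits):
    """Constructed sample: p is an arbitrary odd number of that size, not a real DH prime."""
    p = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")  # leading 0x00 keeps p positive
    body = base64.b64encode(_der(0x30, _der(0x02, p) + _der(0x02, b"\x02"))).decode()
    return f"-----BEGIN DH PARAMETERS-----\n{body}\n-----END DH PARAMETERS-----\n"

if __name__ == "__main__":
    files = {"/path/to/dhparam.pem": constructed_pem(1024)}  # constructed, undersized
    print(audit("ssl_dhparam /path/to/dhparam.pem;", files.__getitem__))
```

On a real host, pass `lambda p: open(p).read()` as `read_file` and the text of the live nginx.conf.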