When connecting using TLSv1 protocol with HIGH cipher, are DH params necessary (in openssl)?

I am getting

```
SSL_connect(): error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small
```

even though the certificate being used does not have DH params in it.

user3458168
  • I found the answer. DH params are not necessary if we restrict ciphers to kRSA – user3458168 Sep 24 '15 at 11:34
  • `kRSA` is frowned upon because it does not provide forward secrecy. It's going to be removed from TLS 1.3. That may (or may not) be an issue for you. You would probably do better to provide Diffie-Hellman parameters larger than 1024. Also see [SSL operation failed with code 1: dh key too small](http://stackoverflow.com/q/30701397). – jww Sep 24 '15 at 12:03

0 Answers
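The following is an added example, not part of the original thread. It uses Python's `ssl` module (a binding to OpenSSL) to group the suites selected by a cipher string by key exchange, which shows why `HIGH` can trigger this error: its DHE suites take their DH parameters from the server's ServerKeyExchange message, not from the certificate. The function names `kx_of` and `suites_by_kx` are hypothetical, and the exact suite lists depend on the local OpenSSL build.

```python
import re
import ssl
from collections import defaultdict

# OpenSSL describes each suite as e.g.
# "DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1"
_KX = re.compile(r"\bKx=(\S+)")


def kx_of(description):
    """Return the key-exchange tag (DH, ECDH, RSA, any, ...) of one suite."""
    match = _KX.search(description)
    return match.group(1) if match else "unknown"


def suites_by_kx(cipher_string):
    """Map key-exchange tag -> suite names selected by an OpenSSL cipher string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)
    groups = defaultdict(list)
    for suite in ctx.get_ciphers():
        groups[kx_of(suite["description"])].append(suite["name"])
    return dict(groups)


if __name__ == "__main__":
    # "HIGH" is the string from the question; "kRSA" is the workaround from
    # the first comment; "HIGH:!kDHE" drops only the ephemeral-DH suites.
    for cipher_string in ("HIGH", "HIGH:!kDHE", "kRSA"):
        groups = suites_by_kx(cipher_string)
        dhe = groups.get("DH", [])
        print(f"{cipher_string!r}: {len(dhe)} suites with Kx=DH")
        for name in dhe[:3]:
            # With these suites the client validates the size of the DH key
            # the server sends, whatever key type the certificate carries.
            print("   ", name)
```

Suites reported with `Kx=any` are TLS 1.3 suites, which OpenSSL configures separately from this cipher string.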