DH parameters are additional bits of randomness that are used in the key exchange process. New DH parameters can be generated at any time, depending on the complexity of the encryption this process can take a long time.
/usr/bin/openssl dhparam -out /etc/nginx/dhparams/dhparams.pem 1024 - 10 seconds
/usr/bin/openssl dhparam -out /etc/nginx/dhparams/dhparams.pem 2048 - 5 minutes
/usr/bin/openssl dhparam -out /etc/nginx/dhparams/dhparams.pem 4096 - 10 minutes
/usr/bin/openssl dhparam -out /etc/nginx/dhparams/dhparams.pem 8192 - several hours
If there are several cores, generation occurs using only one, you can verify this by running the top command and pressing the number 1 in the parallel window during the generation process.
Since the process takes some time, we recommend running these commands using screen, we have already described more detailed work with this tool, you can find the manual in our knowledge base using the search.
No Comments Yet