Does the LE client also care for the Diffie Hellman keys?

rugk · November 2, 2015, 9:08pm

Simple question, but I think it’s a good one to ask: Does the LE client also create DH keys when it automatically configures a server?
At least here it did not do so.

As we know it is bad to use DH keys < 2048bit, so if the keys are smaller the LE client should possibly fix it - especially as it would be bad if LE users (webadmins) use the automatic mode of the client and think everything is done, when someone tells them they are attackable (Logjam) and need to (manually) generate some keys.
This would probably impair the “one command and everything is fine” approach by LE.

Possibly related: [SOLVED] Unverified SSL (Nginx)

rugk · November 2, 2015, 9:59pm

Found a GitHub issue tracking this:

Still a human-friendly explanation here would be nice.

tlussnig · November 2, 2015, 11:15pm

Hi Simple howto is under https://weakdh.org/sysadmin.html

rugk · November 3, 2015, 9:09pm

My question is not how to generate a DH key - my question is whether (and how) this can be automatised in the LE client.

Topic		Replies	Views
I can't set sufficient secure parameters for Diffie-Hellman key exchange on a LAMP stack Help	21	652	November 4, 2023
Making the Key Exchange stronger	26	16769	January 4, 2016
2048 Key Length using Crypt-LE Help	5	979	October 20, 2022
Best way to create new keys for my website?	15	9172	February 8, 2016
Bug: Alpine certbot package (docker) generates Private-Key: (256 bit) Help	14	45	October 9, 2024

Does the LE client also care for the Diffie Hellman keys?

Related topics