Is dhparam really required if only using ECDHE?

https://weakdh.org/sysadmin.html says there are a bunch of problems with DHE. It says it can be fixed by generating my own dhparams, but I'd rather not have to do this. I think ECDHE doesn't use dhparams, but the man page of openssl dhparam was less than clear on this point.

So, could ECDHE use dhparams? If so, and I am using ECDHE, should I generate my own dhparams?


Solution 1:

dhparam is only used to generate the parameters for "classic" DH key exchange. It is not used in ECC-based DH, i.e. not used with ECDHE ciphers. Thus, if no plain DH/DHE ciphers are configured at your server but only ECDHE, then you don't need to set your own dhparam.
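
To check whether a given server cipher string actually enables any classic DHE suite, the following added example (not part of the original answer) expands the string with the local OpenSSL through Python's `ssl` module and looks at each suite's key-exchange type. The function names and the sample cipher strings are constructed for illustration.

```python
import ssl

# Key-exchange labels OpenSSL reports for finite-field ("classic") DHE suites.
# These are the only suites that consume server-side dhparam.
FINITE_FIELD_DHE = {"kx-dhe", "kx-dhe-psk"}


def dhe_suites(cipher_string):
    """Return the names of enabled suites that use finite-field DHE.

    cipher_string is an OpenSSL cipher list, as used in a web server's
    TLS configuration. TLS 1.3 suites are always listed by OpenSSL and
    report 'kx-any'; they negotiate named groups and are not counted.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return sorted(
        c["name"] for c in ctx.get_ciphers()
        if c.get("kea") in FINITE_FIELD_DHE
    )


def needs_dhparam(cipher_string):
    """True if the cipher string enables at least one classic DHE suite."""
    return bool(dhe_suites(cipher_string))


if __name__ == "__main__":
    # Constructed sample cipher strings, not taken from any real server.
    samples = [
        "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256",
        "ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256",
    ]
    for s in samples:
        found = dhe_suites(s)
        verdict = "dhparam relevant" if found else "dhparam not used"
        print(f"{s}\n  -> {verdict} {found}")
```

The result depends on the OpenSSL build that Python is linked against, so run it on the host whose configuration is being reviewed.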