Is dhparam really required if only using ECDHE?

ssl

https://weakdh.org/sysadmin.html says there is a bunch of problems with DHE. It says it can be fixed by generating my own dhparams, but I'd rather not have to do this. I think ECDHE doesn't use dhparams, but the man page of openssl dhparam was less than clear on this point.

So, could ECDHE use dhparams? If so, and I am using ECDHE, should I generate my own dhparams?


Solution 1:

dhparam is only used to generate the parameters for "classic" DH key exchange. It is not used in ECC based DH, i.e. not used with ECDHE ciphers. Thus, if no plain DH/DHE ciphers are configured at your server but only ECDHE then you don't need to set your own dhparam.

Related

Local intranet zone sites opening in IE instead of Edge
Windows 10 Always On VPN, Split DNS, NRPT, and how to configure which DNS server is used?
python get-pip.py not working behind proxy
bind: loading from master file failed: file not found
Nginx variable in proxy pass does not work
How to implement partial mirroring in nginx?
Increase the ZFS partition to use the entire disk
ZFS - Use a file as l2arc cache
Resize zfs pool
Corrupt (?) ReFS causing blue screen when drive is mounted
debootstrap "Release signed by unknown key"
SQL Server Page File location - where to put it?