-
Notifications
You must be signed in to change notification settings - Fork 185
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add dhparam generation to the cert generation script. #44
Comments
Aye aye cap'n! |
@hotaru2k3 -- can you give me the steps that you used to generate dh-composite.pem and dh-small-subgroup.pem, so I can add them to the certificate and key generation script? Thanks! |
for dh-small-subgroup, i used a perl script (https://gist.github.com/hotaru2k3/5f01f5b987a718d45bb1; note that this is a horrible way to generate "real" parameters, but it's really fast if you don't need parameters that are actually secure), like so: for dh-composite, i intended to just use 7^729 with 5 as the generator (#40), but apparently i accidentally replaced the file with dh-small-subgroup.pem... that should probably be fixed.
i've been thinking about trying to generate a 2048-bit composite that fools openssl's prime check even more often, but the process looks really tedious. |
FYI, the "normal" dhparam ones are all in my push request. :) |
It would be nice to be able to regenerate these using e.g. @hotaru2k3's script. |
I might be okay with having static DH files. They can take a long time to generate, especially on VMs. |
Yeah, that part is solved by the |
I believe the old certificate generator used to have that, must have been something that got excluded on the way in. Can probably just have a make dhparams-regen that deletes the files that are currently in the |
I don't think we should ever delete anything from the If you're talking about adding all 6 current |
April, would you mind adding this?
The text was updated successfully, but these errors were encountered: