[jetty-users] How to use a stronger Diffie Hellman group in Jetty?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[jetty-users] How to use a stronger Diffie Hellman group in Jetty?

From: gouessej@xxxxxxxxx
Date: Fri, 7 Jan 2022 22:45:10 +0100 (CET)
Delivered-to: jetty-users@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/jetty-users/>
List-help: <mailto:jetty-users-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=unsubscribe>

Hello

I would like to avoid using common Diffie Hellman primes in order to improve the security during key exchange, I tried to follow these steps:
https://weakdh.org/sysadmin.html

I know how to exclude some cipher suites:
https://www.eclipse.org/jetty/javadoc/jetty-11/org/eclipse/jetty/util/ssl/SslContextFactory.html#addExcludeCipherSuites(java.lang.String...)

However, I haven't found a way of telling Jetty to use new DH parameters generated with "openssl dhparam -out dhparams.pem 2048". Where can I cleanly override that?

Best regards.

Follow-Ups:
- Re: [jetty-users] How to use a stronger Diffie Hellman group in Jetty?
  - From: Travis Spencer

Prev by Date: Re: [jetty-users] Question about Jetty SNI functionality
Next by Date: Re: [jetty-users] How to use a stronger Diffie Hellman group in Jetty?
Previous by thread: [jetty-users] Question about Jetty SNI functionality
Next by thread: Re: [jetty-users] How to use a stronger Diffie Hellman group in Jetty?
Index(es):
- Date
- Thread

Breadcrumbs