>> I'm using Mozilla's "Old backward compatibility" ssl_ciphers so I feel
>> good about my compatibility there, but does the following open me up
>> to potential compatibility problems:
>>
>> # openssl dhparam -out dhparams.pem 2048
>
> DHE params larger than 1024 bits are not compatible with java 6/7 clients.
> If you need compatibility with those clients, use a DHE of 1024 bits, or
> disable DHE entirely.

My server is open to the internet so I'd like to maintain compatibility with as many clients as possible, but I don't serve any java apps. Given that, will DHE params larger than 1024 bits affect my compatibility?

If so, I believe a DHE of 1024 bits opens me to the LogJam attack, so if I disable DHE entirely will that affect my compatibility?

- Grant
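
Added example, not part of the original thread: a small Python check that reads the prime size out of a `dhparams.pem` as written by `openssl dhparam` and reports which of the two constraints raised above applies (the Java 6/7 limit above 1024 bits, the Logjam concern at 1024 bits or less). The function names and the constructed sample input are assumptions made for the illustration; the sample "prime" is not a real prime and must not be used as DH parameters.

```python
import base64

def _der_len(buf, i):
    """Decode the DER length starting at buf[i]; return (length, offset of content)."""
    if buf[i] < 0x80:                        # short form
        return buf[i], i + 1
    n = buf[i] & 0x7F                        # long form: next n bytes hold the length
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def dh_prime_bits(pem):
    """Bit length of p in a 'DH PARAMETERS' PEM: SEQUENCE { INTEGER p, INTEGER g }."""
    b64 = "".join(l for l in pem.strip().splitlines() if not l.startswith("-----"))
    der = base64.b64decode(b64)
    if der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, i = _der_len(der, 1)
    if der[i] != 0x02:
        raise ValueError("first element is not an INTEGER")
    n, i = _der_len(der, i + 1)
    return int.from_bytes(der[i:i + n], "big").bit_length()

def assess(bits):
    """Apply the two constraints raised in the thread to a DH group size."""
    issues = []
    if bits > 1024:
        issues.append("Java 6/7 clients cannot use DHE with this group")
    else:
        issues.append("1024 bits or less: Logjam exposure")
    return issues

def _enc_len(n):
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw

def constructed_pem(bits):
    """Constructed sample input: right size and encoding, but p is NOT a real prime."""
    p = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")
    body = b"\x02" + _enc_len(len(p)) + p + b"\x02\x01\x02"   # p, then g = 2
    b64 = base64.b64encode(b"\x30" + _enc_len(len(body)) + body).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN DH PARAMETERS-----", *lines, "-----END DH PARAMETERS-----"])

if __name__ == "__main__":
    for size in (1024, 2048):
        bits = dh_prime_bits(constructed_pem(size))
        print(bits, assess(bits))
```

To check a real file, pass its contents instead of the constructed sample: `dh_prime_bits(open("dhparams.pem").read())`.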