Re: DH group cipher suites getting rejected

[Salz, Rich via openssl-users]

  *   However if I try ECDHE, it works fine. Is DHE only cipher suites less 
common now ?
  *   I believe its responsibility of server to generate DHparam of large 
enough size.

Yes, DHE has dropped because it is hard to get right, and it takes more CPU 
cycles than ECDHE.

DH group cipher suites getting rejected

[Chitrang Srivastava]

Hi,

Why google rejected DH ciphers suites, I am trying
*openssl s_client -cipher 'DHE-RSA-AES128-GCM-SHA256' -connect
www.google.com:443 *
However if I try ECDHE, it works fine. Is DHE only cipher suites less
common now ?
I believe its responsibility of server to generate DHparam of large enough
size.

Thanks