Hi, Thanks for the response. I went through the documentation, it does specify the support of the custom and standard DH parameters. On the selection of the parameter the documentation says " hands them out to clients based on the length of the certificate's RSA/DSA key"
Where as per the RFC7919 (https://www.rfc-editor.org/rfc/rfc7919.html#page-8 ) - A compatible TLS server that receives the Supported Groups extension with FFDHE codepoints in it and that selects an FFDHE cipher suite MUST select one of the client's offered groups - if none of the client-proposed FFDHE groups are known and acceptable to the server, then the server MUST NOT select an FFDHE cipher suite - ... Is the server behavior then compliant to the specification? This information was not so clearly documented/ or couldn't be interpreted. Any help in this regard is highly appreciated. Regards, Pankaj On Wed, Sep 20, 2023 at 11:44 PM Will Fatherley <wefather...@gmail.com> wrote: > > It would be very helpful if someone can help in some way or some >> documentation link that gives some more information on RFC-7919 support in >> apache httpd server. >> > > Maybe you’re looking for mod_ssl— > https://httpd.apache.org/docs/2.4/mod/mod_ssl.html > >>