Commit ca81e13

Update https.md
1 parent 7c63387 commit ca81e13

1 file changed

+1
-1
lines changed

https.md

Lines changed: 1 addition & 1 deletion
@@ -54,7 +54,7 @@ To solve that problem browser like Chrome, Firefox, Safari etc. come embedded wi
5454
ssl_protocols TLSv1.1 TLSv1.2;
5555
```
5656

57-
- [ ] Default Diffie-Hellman parameter used by nginx is only 1024 bits which is considered not so secure. Also, it is same for all nginx users who uses the default config. It is estimated that an academic team can break 768-bit primes and that a nation-state could break a 1024-bit prime. By breaking one 1024-bit prime, one could eavesdrop on 18 percent of the top one million HTTPS domains, so do not use the default DH parameter, locally generate the parameter for more security, also use higher number of bits.
57+
- [ ] Default Diffie-Hellman parameter used by nginx is only 1024 bits which is considered not so secure. Also, it is same for all nginx users who use the default config. It is estimated that an academic team can break 768-bit primes and that a nation-state could break a 1024-bit prime. By breaking one 1024-bit prime, one could eavesdrop on 18 percent of the top one million HTTPS domains, so do not use the default DH parameter, locally generate the parameter for more security, also use higher number of bits.
5858
```shell
5959
$ cd /etc/ssl/certs
6060
$ openssl dhparam -out dhparam.pem 4096
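
Review bot: The added line 57 still carries the remaining grammar problems of the sentence it replaces ("Default Diffie-Hellman parameter ... is same for all nginx users", "use higher number of bits") and stays one long run-on, so the checklist item is hard to act on. Suggest splitting it into the risk (shared 1024-bit default parameter) and the action (generate parameters locally), and stating the size explicitly so it matches the `openssl dhparam -out dhparam.pem 4096` command that follows. The 768-bit, 1024-bit and "18 percent of the top one million HTTPS domains" figures are given without a source; a link to the research they come from would let readers check them. Separately, the context at line 54 still enables `TLSv1.1`, which has been formally deprecated (RFC 8996) and is worth a follow-up change.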
