
Diffie-Hellman key exchange


The operation of Diffie-Hellman (DH) key exchange is best illustrated by an example. Suppose a rogue employee stole your server certificate's private key and you reissued the certificate with a new key pair. If the employee had recorded historical traffic encrypted with the now-stolen key, the employee could decrypt that recorded traffic. DH key exchange provides forward security: it prevents someone with a stolen key from decrypting traffic that was encrypted with it in the past.
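The scenario above as an added sketch, not code from SyslogDefender or its documentation: it contrasts a session whose key is encrypted to the long-term key with a session that uses DH exchange. The toy RSA key, the modulus `P`, the base `G` and all function names are assumptions constructed for illustration and are far too small for real use.

```python
import hashlib
import secrets

# Toy parameters constructed for this example; far too small for real use.
P = 2**127 - 1                      # DH modulus (a Mersenne prime)
G = 3                               # DH base, an assumption of this sketch
RSA_P, RSA_Q, RSA_E = 2**61 - 1, 2**89 - 1, 65537
RSA_N = RSA_P * RSA_Q               # long-term server public modulus
RSA_D = pow(RSA_E, -1, (RSA_P - 1) * (RSA_Q - 1))   # the key that gets stolen


def key_transport_session():
    """No DH: the client encrypts the session key to the long-term key."""
    session_key = secrets.randbelow(RSA_N - 2) + 2
    recorded = {"enc_key": pow(session_key, RSA_E, RSA_N)}
    return session_key, recorded


def dh_session():
    """DH: both sides use fresh exponents that are discarded afterwards."""
    a = secrets.randbelow(P - 2) + 1            # client ephemeral secret
    b = secrets.randbelow(P - 2) + 1            # server ephemeral secret
    A, B = pow(G, a, P), pow(G, b, P)           # public values on the wire
    client_secret, server_secret = pow(B, a, P), pow(A, b, P)
    assert client_secret == server_secret       # both ends agree
    session_key = hashlib.sha256(client_secret.to_bytes(16, "big")).digest()
    # In a real handshake the long-term key only signs A/B for authentication.
    return session_key, {"A": A, "B": B}


def recover_with_stolen_key(recorded):
    """What a recording plus the stolen long-term key yields later."""
    if "enc_key" in recorded:
        return pow(recorded["enc_key"], RSA_D, RSA_N)
    # DH recording holds only g^a and g^b; the stolen key decrypts nothing,
    # and a, b no longer exist anywhere.
    return None


if __name__ == "__main__":
    key, rec = key_transport_session()
    print("key transport recovered:", recover_with_stolen_key(rec) == key)
    key, rec = dh_session()
    print("DH recovered:", recover_with_stolen_key(rec))
```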

Enabling Diffie-Hellman key exchange

Generate a Diffie-Hellman key of 1,024 bits. Specify dh_file= under the [listen_tls_n] section in the SyslogDefender configuration file.


 
