Diffie-Hellman key exchange
The operation of Diffie-Hellman (DH) key exchange is best illustrated by an example. Suppose a rogue employee steals your server certificate's private key, and you reissue the certificate with a new key pair. If the employee also recorded earlier traffic that was protected with the now-stolen key, the employee could decrypt those recordings. DH key exchange provides forward security: it prevents someone who holds a stolen key from decrypting traffic that was encrypted with it in the past.
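The rogue-employee scenario above, as an added Python example (not SyslogDefender code): toy RSA key transport next to a DH exchange with fresh per-session secrets, showing what the stolen certificate key recovers from a recording in each case. All parameters and function names are constructed for illustration, and the numbers are far too small for real use.

```python
import hashlib
import secrets

# Constructed toy parameters, far too small for real use.
RSA_P, RSA_Q, RSA_E = 2**31 - 1, 2**61 - 1, 65537  # two Mersenne primes
RSA_N = RSA_P * RSA_Q
RSA_D = pow(RSA_E, -1, (RSA_P - 1) * (RSA_Q - 1))  # certificate private key
DH_P, DH_G = 2**127 - 1, 3                         # public DH group (toy)


def digest(value):
    """Hash an integer into the RSA modulus range (toy signature padding)."""
    raw = hashlib.sha256(str(value).encode()).digest()
    return int.from_bytes(raw, "big") % RSA_N


def rsa_key_transport():
    """No DH: the client encrypts the session key to the certificate key."""
    session_key = secrets.randbelow(RSA_N - 2) + 2
    return session_key, (pow(session_key, RSA_E, RSA_N),)  # key, recording


def dh_exchange():
    """DH: both sides use fresh secrets; the certificate key only signs."""
    a = secrets.randbelow(DH_P - 3) + 2            # client secret, discarded
    b = secrets.randbelow(DH_P - 3) + 2            # server secret, discarded
    pub_a, pub_b = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    signature = pow(digest(pub_b), RSA_D, RSA_N)   # server authenticates pub_b
    assert pow(signature, RSA_E, RSA_N) == digest(pub_b)  # client verifies
    client_key, server_key = pow(pub_b, a, DH_P), pow(pub_a, b, DH_P)
    assert client_key == server_key
    return client_key, (pub_a, pub_b, signature)   # key, recording


def thief_recovers(session_key, recording, stolen_d=RSA_D):
    """Apply the stolen certificate key to every recorded value."""
    return session_key in [pow(v, stolen_d, RSA_N) for v in recording]


if __name__ == "__main__":
    print("RSA key transport recovered:", thief_recovers(*rsa_key_transport()))
    print("DH exchange recovered:      ", thief_recovers(*dh_exchange()))
```

The stolen key can still be used to impersonate the server in new sessions until the old certificate is revoked; forward security covers only the recordings.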
Enabling Diffie-Hellman key exchange
Generate a Diffie-Hellman key of 1,024 bits. Specify dh_file= under the [listen_tls_n] section in the SyslogDefender configuration file.