Section: OpenSSL (1SSL)
DH parameter generation with the -dsaparam option is much faster, and the recommended exponent length is shorter, which makes DH key exchange more efficient. Beware that with such DSA-style DH parameters, a fresh DH key should be created for each use to avoid small-subgroup attacks that may be possible otherwise.
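An added illustration of the warning above (not part of the OpenSSL documentation): using toy numbers constructed for the example, it compares the small subgroup orders available under a safe prime with those under a DSA-style prime, generates a fresh key per exchange, and applies a subgroup membership check. All function names and parameters are hypothetical, and the check assumes the verifier knows the subgroup order q.

```python
import secrets

# Toy parameters constructed for this example; real DH primes are 2048+ bits.
SAFE_P, SAFE_Q = 227, 113    # safe prime: p = 2q + 1
DSA_P, DSA_Q = 2311, 11      # DSA-style: p = 210*q + 1, cofactor 210 = 2*3*5*7

def prime_factors(n):
    """Distinct prime factors by trial division (toy sizes only)."""
    found, d = set(), 2
    while d * d <= n:
        while n % d == 0:
            found.add(d)
            n //= d
        d += 1
    if n > 1:
        found.add(n)
    return found

def small_subgroup_orders(p, q):
    """Prime subgroup orders in Z_p^* other than the intended order q."""
    return sorted(prime_factors(p - 1) - {q})

def element_of_order(p, r):
    """Return an element of prime order r modulo p (r must divide p - 1)."""
    for h in range(2, p - 1):
        y = pow(h, (p - 1) // r, p)
        if y != 1:
            return y
    raise ValueError("no element found")

def fresh_keypair(p, q, g):
    """New private exponent for every exchange, as the text advises."""
    x = 1 + secrets.randbelow(q - 1)   # 1 <= x <= q - 1
    return x, pow(g, x, p)

def valid_peer_key(y, p, q):
    """In range and inside the order-q subgroup (requires knowing q)."""
    return 1 < y < p - 1 and pow(y, q, p) == 1

if __name__ == "__main__":
    print("safe prime extra orders:", small_subgroup_orders(SAFE_P, SAFE_Q))
    print("DSA-style extra orders:", small_subgroup_orders(DSA_P, DSA_Q))
    g = element_of_order(DSA_P, DSA_Q)
    _, pub = fresh_keypair(DSA_P, DSA_Q, g)
    print("honest key accepted:", valid_peer_key(pub, DSA_P, DSA_Q))
    low = element_of_order(DSA_P, 7)
    print("order-7 value accepted:", valid_peer_key(low, DSA_P, DSA_Q))
```

With the safe prime the only extra prime order is 2, while the DSA-style prime also has subgroups of order 3, 5 and 7; a peer value from any of those fails the membership check.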
The program dhparam combines the functionality of the programs dh and gendh in previous versions of OpenSSL and SSLeay. The dh and gendh programs are retained for now but may have different purposes in future versions of OpenSSL.
PEM format DH parameters use the header and footer lines:
 -----BEGIN DH PARAMETERS-----
 -----END DH PARAMETERS-----
OpenSSL currently only supports the older PKCS#3 DH, not the newer X9.42 DH.
The dhparam command was added in OpenSSL 0.9.5. The -dsaparam option was added in OpenSSL 0.9.6.