
ssl_dhparam and recommended-private-length

January 03, 2011 03:57AM
Hi,

Nginx offers the possibility to import DH parameters (prime p and generator g) from an external file. The parameters (p and g) have to be generated with "openssl dhparam". In the default setting, openssl calculates strong primes and uses either 2 or 5 as generator. The private exponent in modular exponentiation is then very long; its bit representation is comparable in length to the prime modulus, e.g. 2047 bits with a 2048-bit modulus. However, there is an extra option in openssl dhparam to generate DSA-type parameters for Diffie-Hellman key exchange. The main advantage is that the recommended exponent length is much shorter, e.g. 224 or 256 bits with a 2048-bit modulus. The length of the exponent has a direct impact on computational complexity because it determines the number of multiplications and squarings in modular exponentiation. For example, one could go down from 2048 multiplications and squarings to 256 or 224.

At the moment, nginx passes only the p and g parameters to SSL. It would be nice to also pass the recommended exponent length to openssl via dh->length, provided that the recommended-private-length is present in the PEM file. For the recommended-private-length parameter to be present in the PEM file, the DH parameters have to be generated with "openssl dhparam -dsaparam".
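Added example, not part of the original post and not nginx or OpenSSL code: a small Python parser that checks whether a DH parameter PEM file carries the optional length field (privateValueLength in the PKCS#3 DHParameter structure) that the post wants passed on as dh->length. The helper names, the toy parameters and the fallback in `exponent_bits` (which follows the post's "2047 bits with a 2048-bit modulus" description) are assumptions made for illustration.

```python
import base64

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits count the length octets
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def parse_dh_params(pem):
    """Parse PKCS#3 DHParameter ::= SEQUENCE { p, g, privateValueLength OPTIONAL }."""
    b64 = "".join(l for l in pem.strip().splitlines() if not l.startswith("-----"))
    der = base64.b64decode(b64)
    tag, seq, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one DER SEQUENCE")
    ints, pos = [], 0
    while pos < len(seq):
        tag, val, pos = read_tlv(seq, pos)
        if tag != 0x02:
            raise ValueError("expected INTEGER")
        ints.append(int.from_bytes(val, "big", signed=True))
    if len(ints) not in (2, 3):
        raise ValueError("expected p, g and an optional length")
    return {"p": ints[0], "g": ints[1], "length": ints[2] if len(ints) == 3 else None}

def exponent_bits(params):
    """Private exponent size per the post: the hint if present, else about the size of p."""
    return params["length"] or params["p"].bit_length() - 1

def der_int(n):
    raw = n.to_bytes(n.bit_length() // 8 + 1, "big")    # spare top bit keeps it positive
    return bytes([0x02, len(raw)]) + raw

def sample_pem(p, g, length=None):
    """Build a constructed toy PEM (short-form lengths only; not real parameters)."""
    body = der_int(p) + der_int(g) + (der_int(length) if length is not None else b"")
    der = base64.b64encode(bytes([0x30, len(body)]) + body).decode()
    return f"-----BEGIN DH PARAMETERS-----\n{der}\n-----END DH PARAMETERS-----\n"

# Constructed toy values: p = 607 = 6*101 + 1, g = 64 has order q = 101 (7 bits).
WITHOUT_HINT, WITH_HINT = sample_pem(607, 64), sample_pem(607, 64, 7)
```

Running `parse_dh_params` on a real file written by "openssl dhparam -dsaparam" shows whether the length field survived into the PEM; a server that reads only p and g never sees it.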
Subject Author Posted

ssl_dhparam and recommended-private-length

timo2 January 03, 2011 03:57AM

Re: ssl_dhparam and recommended-private-length

timo2 January 03, 2011 07:05AM


