Generating the dhparameter files


As mentioned above, to use OTW, the server also requires two DH (Diffie-Hellman) parameter files. These are located at <install_directory>/secure/server and are called dh512.pem and dh1024.pem. InterBase uses the DH key exchange protocol to establish an SSL connection, whether it is DSA- or RSA-based. InterBase also uses ephemeral mode to ensure forward secrecy.

The InterBase server requires these files in order to make successful SSL connections. If you want the files to be unique to your installation, you are encouraged to generate your own DH parameter files. Otherwise, the default ones provided by InterBase will be used.

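To create the dhparameter files, use the following commands (the key size is given last, after all options, because OpenSSL 1.1.0 and later do not parse options that follow it):

openssl dhparam -check -text -5 -out dh512.pem 512
openssl dhparam -check -text -5 -out dh1024.pem 1024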

After generating the files, copy them to the <install_directory>/secure/server directory.
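
One way to check the generated files before copying them into place, as an added example that is not part of the InterBase documentation. The function names verify_dhparam and install_dhparams are hypothetical, and the destination directory is passed in by the caller.

```shell
#!/bin/sh
# Added example: verify generated DH parameter files, then copy them into place.
# Function names are hypothetical; only standard "openssl dhparam" options are used.

# verify_dhparam FILE BITS
# Returns 0 only if FILE parses as PEM DH parameters, OpenSSL's -check reports
# them as ok, and the prime has exactly BITS bits.
verify_dhparam() {
    f=$1
    want=$2
    [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 1; }
    # -check tests the prime/generator pair; -noout suppresses the PEM output.
    openssl dhparam -in "$f" -check -noout 2>&1 |
        grep -q "appear to be ok" || {
        echo "not valid DH parameters: $f" >&2; return 1; }
    # The -text dump starts with a header such as "DH Parameters: (512 bit)".
    openssl dhparam -in "$f" -noout -text 2>/dev/null |
        grep -q "DH Parameters: ($want bit)" || {
        echo "$f does not hold a $want-bit prime" >&2; return 1; }
    return 0
}

# install_dhparams SRC DEST
# Copies dh512.pem and dh1024.pem from SRC to DEST, but only after both files
# verify, so a bad file never replaces one the server can already use.
install_dhparams() {
    src=$1
    dest=$2
    for n in 512 1024; do
        verify_dhparam "$src/dh$n.pem" "$n" || return 1
    done
    for n in 512 1024; do
        cp "$src/dh$n.pem" "$dest/dh$n.pem" || return 1
    done
    return 0
}

# Usage, from the directory where the files were generated:
#   install_dhparams . "<install_directory>/secure/server"
```

Because nothing is copied until both files pass, a truncated or mislabeled file leaves the existing parameter files in the server directory untouched.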