[gnutls-help] dh parameters

Gregory Sloop gregs at sloop.net
Wed Aug 28 07:39:49 CEST 2019

For some applications - say OpenVPN servers - I need a dh.pem [dh parameters file]
It looks like GNUTLS doesn't have the option to generate dh params like OpenSSL does, but has the following as a option:
certtool --get-dh-params --outfile dh.pem --sec-param ultra

1) Will that ^^ do what I want?

2) So, is there any difference between that and the openssl command to generate dh params?
openssl dhparam -out /config/auth/dh.pem 4096

3) If the certtool example above isn't adequate, is there a good way to accomplish what I want in certtool, or otherwise?

4) Can someone point me to something that might be accessible to a mere mortal [i.e. non-cryptographer] for explanation? :)

#1 and 3 are the most important for me to get answers to.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-help/attachments/20190827/ca7c4d65/attachment.html>

More information about the Gnutls-help mailing list