dh_parameters
Specifies the parameters required to encrypt and decrypt Diffie Hellman ciphers. If omitted, DH, ADH and EDH ciphers are disabled.
USYS$TLS_PARAMS=dh_parameters | dh_prm=DHParameterFile
Arguments
DHParameterFile—fully-qualified name a generated parameter file in PEM format.
Description
The TLS connector enables Diffie Hellman ciphers only if additional parameters are provided as a PEM file.
Note: DSA parameters can also be used as DH
parameters, so if DSA parameters are set using dsa_parameters, do not set DH
parameters. They will be ignored.
Generating the Parameter File
For example, to generate the Diffie Hellman parameter file, run the following command:
openssl dhparam -out dh1024.pem 1024
This generates the file dh1024.pem.
To use this file, specify
dh_parameters=dh1024.pem in your assignment file. For
example:
USYS$TLS_PARAMS dh_parameters=USYS:dh1024.pem
or
[NET_SETTINGS] DHEnc=dh_parameters=USYS:dh1024.pem
