Enabling Perfect Forward Secrecy (PFS) with Hitch

To enable Diffie-Hellman based ciphers for Perfect Forward Secrecy (PFS) with Hitch, append Diffie-Hellman parameters to your existing bundle.pem:

openssl dhparam -rand - 2048 >> bundle.pem  

This appends the randomly generated prime values to your bundle. Generation takes a bit of time and prints output like the following (the real listing is much longer):

0 semi-random bytes loaded  
Generating DH parameters, 2048 bit long safe prime, generator 2  
This is going to take a long time  
.........+................................................................................................................................................................................................................................................................................................................................................................................................................................................................................+......................................................................................................................................................................................................................+..............................+.....................++*++*
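To confirm the append worked, the following added example (not part of the original post and not Hitch's own code) parses bundle.pem, finds each DH PARAMETERS block and reports the size of its prime. The function names and the 2048-bit minimum, taken from the command above, are assumptions of this example.

```python
import base64
import re
import sys

# Matches each PEM block that `openssl dhparam` writes.
DH_BLOCK = re.compile(
    r"-----BEGIN DH PARAMETERS-----(.+?)-----END DH PARAMETERS-----", re.S)

def _read_tlv(der, pos, tag):
    """Return (content bytes, next position) for the DER element at pos."""
    if pos + 2 > len(der) or der[pos] != tag:
        raise ValueError("unexpected DER tag")
    length = der[pos + 1]
    pos += 2
    if length & 0x80:                         # long form: low bits = byte count
        count = length & 0x7F
        length = int.from_bytes(der[pos:pos + count], "big")
        pos += count
    if pos + length > len(der):
        raise ValueError("truncated DER")
    return der[pos:pos + length], pos + length

def dh_params_in_bundle(pem_text):
    """Return [(prime_bits, generator), ...] for every DH block in the bundle."""
    found = []
    for match in DH_BLOCK.finditer(pem_text):
        der = base64.b64decode("".join(match.group(1).split()))
        seq, _ = _read_tlv(der, 0, 0x30)      # DHParameter ::= SEQUENCE
        p_raw, nxt = _read_tlv(seq, 0, 0x02)  # INTEGER prime p
        g_raw, _ = _read_tlv(seq, nxt, 0x02)  # INTEGER generator g
        found.append((int.from_bytes(p_raw, "big").bit_length(),
                      int.from_bytes(g_raw, "big")))
    return found

def check_bundle(pem_text, min_bits=2048):    # 2048 mirrors the command above
    """Summarise whether the bundle carries exactly one adequate DH block."""
    params = dh_params_in_bundle(pem_text)
    if not params:
        return "missing: no DH PARAMETERS block"
    if len(params) > 1:                       # e.g. the >> command was run twice
        return "duplicate: %d DH PARAMETERS blocks" % len(params)
    bits, gen = params[0]
    if bits < min_bits:
        return "weak: %d-bit prime" % bits
    return "ok: %d-bit prime, generator %d" % (bits, gen)

if __name__ == "__main__":
    with open(sys.argv[1] if len(sys.argv) > 1 else "bundle.pem") as fh:
        print(check_bundle(fh.read()))
```

Run it with the path to the bundle as its only argument; with no argument it reads bundle.pem from the current directory.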