This repository contains .pem files for pre-defined DHE groups as recommended by IETF RFC 7919 for:
ffdhe4096ffdhe3072ffdhe2048
With the Internet.nl test tool you can test if your web and mail server use these pre-defined groups for Diffie-Hellman key exchange.
Internet.nl uses the 'IT Security Guidelines for Transport Layer Security (TLS) v2.1' from NCSC-NL (in English) as a baseline. NCSC-NL has assigned the following security levels to these groups (guideline B6-1 and table 10):
- Sufficient:
ffdhe4096andffdhe3072 - Phase out:
ffdhe2048