DHE

DHE

[1] Deprecate DHE-based ciphers - Chrome Platform Status ( ()) <https://www.chromestatus.com/feature/5752033759985664>

Last year, we raised the minimum TLS Diffie-Hellman group size from 512-bit to 1024-bit. As mentioned then, 1024-bit is insufficient for the long-term. However, metrics report that around 95% of DHE connections seen by Chrome use 1024-bit DHE. This, compounded with how DHE is negotiated in TLS, makes it difficult to move past 1024-bit. Servers should upgrade to ECDHE if available. Otherwise, ensure a plain-RSA cipher suite is enabled.

[2] Issue 598109 - chromium - Deprecate DHE-based ciphers - Monorail ( ()) <https://bugs.chromium.org/p/chromium/issues/detail?id=598109>

[3] Issue 619194 - chromium - Remove DHE-based ciphers - Monorail ( ()) <https://bugs.chromium.org/p/chromium/issues/detail?id=619194>