Diffie-Hellman Key Exchange is a way for two parties to securely establish shared encryption keys over a public channel. It's used in TLS and SSL connections to provide Perfect Forward Secrecy. Unfortunately, the default DH parameters distributed with applications are susceptible to a downgrade attack.
The debops.dhparam Ansible role will generate a set of strong Diffie-Hellman parameters on the Ansible Controller, which will be preseeded on remote hosts, and will be ready to use by other applications. A separate script can then be used on remote hosts in the background to generate new random DH parameters, either once or at regular intervals.
This role requires at least Ansible v2.1.4. To install it, run:
ansible-galaxy install debops.dhparam
More information about debops.dhparam can be found in the official debops.dhparam documentation.
debops.secret
You may need to include missing roles from the DebOps common playbook into your playbook.
Try DebOps now for a complete solution to run your Debian-based infrastructure.
- Maciej Delmanowski (maintainer)
- Robin Schneider
License: GPL-3.0
This role is part of DebOps. README generated by ansigenome.