Skip to content

internetstandards/dhe_groups

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

18 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
ffdhe3072.pem
ffdhe3072.pem
 
 
ffdhe4096.pem
ffdhe4096.pem
 
 

Repository files navigation

Pre-defined DHE groups

This repository contains .pem files for the following finite field groups for DHE as standardised by IETF RFC 7919:

  • ffdhe4096
  • ffdhe3072

These can be used for configuration of your TLS software. The associated checksums are also published in the test explanation of the 'Key exchange parameters' subtest on Internet.nl.

The repository does not contain .pem files for ffdhe2048 as it is 'Insufficient'. Besides, it does not contain .pem files for ffdhe8192 and ffdhe61441, as these are rarely used because of performance loss.

Testing with Internet.nl

With the Internet.nl test tool you can test if your web and mail server use these standardised finite field groups for DHE.

NCSC-NL TLS Guidelines

Internet.nl uses the 'Transport Layer Security (TLS), Security guidelines version 2025-05' from NCSC-NL as a baseline. NCSC-NL has assigned the following security levels to these groups (paragraph 3.3.3):

  • Phase out:

    • ffdhe8192 (rarely used because of performance loss)
    • ffdhe6144 (idem)
    • ffdhe4096 (RFC 7919)
      sha256 checksum: 64852d6890ff9e62eecd1ee89c72af9af244dfef5b853bcedea3dfd7aade22b3
    • ffdhe3072 (RFC 7919)
      sha256 checksum: c410cc9c4fd85d2c109f7ebe5930ca5304a52927c0ebcb1a11c5cf6b2386bbab

  • Insufficient:

    • ffdhe2048
    • Other groups (i.e. not-standardised, self-generated)

About

.pem files for pre-defined DHE groups as recommended by IETF RFC 7919

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

21 stars

Watchers

3 watching

Forks

2 forks
Report repository

Releases 1

NCSC-NL's TLS guidelines v2.1 Latest
Mar 6, 2026

Packages

 
 
 

Contributors