Main Content

Improve Startup Time When Security Is Activated

When a server instance is configured to use HTTPS, it generates an ephemeral DH key at startup. Generating the DH key at startup provides more security than reading it from a file on disk. However, this can add a couple of minutes to a server instance’s startup time.

If you need the server instance to start up without delay and are not concerned about the loss of security, you can configure the server instance to read the ephemeral DH key from a file using the ssl-tmp-dh-param configuration property. The ssl-tmp-dh-param property specifies the file storing the DH key in PEM format.

See Also

Related Topics