Diffie-Hellman Key Exchange is a way to securely share encryption keys publicly between two parties. It's used in TLS and SSL connections to provide Perfect Forward Secrecy. Unfortunately, default DH parameters distributed with applications are suspectible to a downgrade attack.
The debops.dhparam Ansible role will generate a set of strong
Diffie-Hellman parameters on Ansible Controller, which will be preseeded on
remote hosts, and will be ready to use by other applications. A separate
script can then be used on remote hosts in the background to generate new
random DH parameters, either once or in regular intervals.
debops.secret
You may need to include missing roles from the DebOps common playbook into your playbook.
Try DebOps now for a complete solution to run your Debian-based infrastructure.
dhparam role was written by:
License: GPLv3
This role is part of the DebOps project. README generated by ansigenome.