The reasonable solution would be to add the -dsaparam
option.
1 |
openssl dhparam -dsaparam -out /etc/ssl/private/dhparam.pem 4096 |
For comparison.
1 2 3 4 |
time openssl dhparam -dsaparam -out dhparam.pem 4096 Generating DSA parameters, 4096 bit long prime + openssl dhparam -dsaparam -out dhparam.pem 4096 4,42s user 0,15s system 99% cpu 4,574 total |
1 2 3 4 5 |
time openssl dhparam -out dhparam.pem 4096 Generating DH parameters, 4096 bit long safe prime, generator 2 This is going to take a long time + openssl dhparam -out dhparam.pem 4096 100,27s user 1,60s system 99% cpu 1:41,93 total |