Generating ephemeral parameters is an expensive operation. A common
approach is to generate them in advance and save them in
a secure file.
The low-level methods to export and import ephemeral
parameters are provided in the
x::gnutls::pkparams-referenced
object.
Another approach is to import a system-provided temporary parameter file
that gets periodically regenerated.
#include <x/gnutls/dhparams.H>

x::gnutls::dhparams dh(x::gnutls::dhparams::create());

dh->import();
serverCert->set_dh_params(dh);
A system-wide process periodically generates new DH parameters
and saves them in the directory specified by the
x::gnutls::tlsparamsdir
property.
import() searches this directory for the first
file from the following list, and loads the parameters from the file:
user.USERNAME.dh*
group.GROUPNAME.dh+
system.dh

* USERNAME is the process's effective userid.
+ GROUPNAME is the process's effective group id. Additionally, any
supplementary group ids are also checked.
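
The search order above can be audited before a server starts. This is an added example, not code from the library or its documentation: it lists the candidate file names for the current process, stats the first one present in a directory given on the command line, and flags a file that group or others can write. The function names, the use of account names rather than numeric ids, the order of supplementary groups and the permission rule are all assumptions of the example.

```cpp
// Added illustration, not libcxx code: function names are hypothetical.
#include <grp.h>
#include <pwd.h>
#include <sys/stat.h>
#include <unistd.h>
#include <iostream>
#include <string>
#include <vector>

// File names in the documented search order: user, then groups, then system.
std::vector<std::string> dh_candidates(const std::string &user,
                                       const std::vector<std::string> &groups)
{
    std::vector<std::string> names{"user." + user + ".dh"};
    for (const auto &g : groups)
        names.push_back("group." + g + ".dh");
    names.push_back("system.dh");
    return names;
}

// Assumed hygiene rule: a regular file that group and others cannot write.
bool mode_is_safe(mode_t mode)
{
    return S_ISREG(mode) && (mode & (S_IWGRP | S_IWOTH)) == 0;
}

int main(int argc, char **argv)
{
    if (argc != 2) return 2; // usage: prog TLSPARAMSDIR
    // Assumption: USERNAME and GROUPNAME are account names, not numeric ids.
    struct passwd *pw = getpwuid(geteuid());
    int n = getgroups(0, nullptr);
    // Effective gid first, then supplementary gids (ordering is an assumption).
    std::vector<gid_t> gids(1 + (n > 0 ? n : 0), getegid());
    if (n > 0)
        getgroups(n, gids.data() + 1);
    std::vector<std::string> groups;
    for (gid_t gid : gids)
        if (struct group *gr = getgrgid(gid))
            groups.push_back(gr->gr_name);
    for (const auto &name : dh_candidates(pw ? pw->pw_name : "", groups)) {
        std::string path = std::string(argv[1]) + "/" + name;
        struct stat st;
        if (stat(path.c_str(), &st) != 0) continue; // absent, try the next one
        std::cout << path << (mode_is_safe(st.st_mode) ? ": ok\n" : ": UNSAFE MODE\n");
        return mode_is_safe(st.st_mode) ? 0 : 1;
    }
    std::cout << "no parameter file found\n";
    return 1;
}
```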