Increase Diffie-Hellman key size in Plesk

Modified on Tue, 5 Oct, 2021 at 11:56 AM

Webservers and browsers can use the Diffie-Hellman key exchange method to establish secure connections. In some occassions, you may have insufficiently secure parameters for the Diffie-Hellman key exchange. While Plesk has a strong DH parameter by default, in some occassions you may want to increase the DH key exchange key size.


To increase the DH key size parameter, you will need root terminal access and you need to restart the webserver. This can be done using the following commands:


plesk sbin sslmng --strong-dh --dhparams-size=4096
systemctl restart httpd # Run this when you have Apache
systemctl restart nginx # Run this when you have Nginx
When you are unsure about which webserver you are using, it is safe to run both commands. One of the commands may return an error explaining that the service does not exist. You can ignore this safely. If a different error is returned, you will need to debug the issue. It is likely this issue already existed before increasing the Diffie-Hellman key exchange size.

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article