ECDH – Elliptic Curve Diffie-Hellman

Generate 4096 bit DH key

openssl dhparam -out /etc/ssl/certs/dhparams.pem 4096 

Apache configuration

SSLEngine on
SSLOpenSSLConfCmd DHParameters "/etc/ssl/certs/dhparams.pem"
SSLOpenSSLConfCmd ECDHParameters secp384r1
SSLOpenSSLConfCmd Curves secp521r1:secp384r1 

See also

• SSL Labs Test: Rating 100% A+ (german)