== Pre-defined DHE groups ==
In order to lower the burden of system administrators, several servers provide pre-computed DH groups. Unfortunately, the [https://weakdh.org
/ logjam] report showed that it is very likely that a state-level adversary may have broken the most widely used 1024-bit DH group, Oakley group 2, standardized in [https://tools.ietf.org/html/rfc2409#section-6.2 rfc2409].
For this reason, the use of this group is considered unsafe and you should either:
It is currently assumed that standardized 2048 bits DH groups provide sufficient security to resist factorization attacks. However, the careful administrator should generate a random DH group instead of using a
standardized one when setting up a new server, as advised by the [https://weakdh.org logjam] authors.
== DHE and ECDHE support ==