Data Center use of Static Diffie-Hellman in TLS 1.3

Document Type Expired Internet-Draft (individual)
Authors Matthew Green  , Ralph Droms  , Russ Housley  , Paul Turner  , Steve Fenter 
Last updated 2018-01-04 (latest revision 2017-07-03)
Stream (None)
Intended RFC status (None)
Expired & archived
plain text xml htmlized pdfized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


Unlike earlier versions of TLS, current drafts of TLS 1.3 have instead adopted ephemeral-mode Diffie-Hellman and elliptic-curve Diffie-Hellman as the primary cryptographic key exchange mechanism used in TLS. This document describes an optional configuration for TLS servers that allows for the use of a static Diffie-Hellman private key for all TLS connections made to the server. Passive monitoring of TLS connections can be enabled by installing a corresponding copy of this key in each monitoring device.


Matthew Green (
Ralph Droms (
Russ Housley (
Paul Turner (
Steve Fenter (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)