Use standard Diffie-Hellman parameters
Currently it's recommended to generate your own set of DH parameters for Gajim. But most users will probably ignore this warning, therefore it's better to provide safe default DH parameters.
The current parameters in data/other/dh4096.pem have been generated with OpenSSL. But this generation process is based on random numbers and can't be reproduced.
The OpenSSL command dhparam -check will write a warning:

    $ openssl dhparam -in dh4096.pem -noout -check
    the g value is not a generator

This is by design of the OpenSSL checker and IETF MODP Group. Comment from Stack Overflow:

> Actually, there is no major difference between p≡23 (mod 24) vs p≡11 (mod 24); any minor difference boils down to "do you prefer the DH shared secret to be limited to half the possible values; or do you prefer to leak a bit of the secret exponents?". OpenSSL prefers to leak one bit; the RFC 3526 designers decided they preferred to limit the possible values.
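
The trade-off in the quoted comment, as an added example on small constructed safe primes (not part of the original description, and not Gajim or OpenSSL code): with g = 2, p ≡ 23 (mod 24) confines every public value to the subgroup of order q, while p ≡ 11 (mod 24) makes 2 a full generator but lets an observer read the parity of the secret exponent. The function name `analyse` and the primes 167 and 107 are assumptions chosen for illustration.

```python
# Added example: constructed small safe primes, not Gajim's or OpenSSL's code.

def is_prime(n):
    """Trial division; sufficient for the small sample primes used here."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True

def analyse(p, g=2):
    """Describe how generator g behaves modulo the safe prime p = 2q + 1."""
    q = (p - 1) // 2
    if not (is_prime(p) and is_prime(q)):
        raise ValueError("p must be a safe prime")
    # Euler's criterion: g^q mod p is 1 if g is a square mod p, p-1 otherwise.
    g_is_square = pow(g, q, p) == 1
    # Every public value g^x reachable with an exponent x in [1, p-1].
    publics = {pow(g, x, p) for x in range(1, p)}
    # An observer can compute y^q mod p for a public value y = g^x.
    # When g is a non-square, the result is 1 exactly when x is even.
    leaks_parity = all(
        (pow(pow(g, x, p), q, p) == 1) == (x % 2 == 0) for x in range(1, p)
    )
    return {
        "p_mod_24": p % 24,
        "order_of_g": len(publics),
        "g_is_square": g_is_square,
        "leaks_exponent_parity": leaks_parity,
    }

# Constructed sample primes: 167 = 2*83 + 1 and 107 = 2*53 + 1.
# p % 24 == 23: the form the quoted comment attributes to RFC 3526.
RFC3526_STYLE = analyse(167)
# p % 24 == 11: the form the quoted comment says OpenSSL prefers for g = 2.
OPENSSL_STYLE = analyse(107)

if __name__ == "__main__":
    for name, result in (("p=167", RFC3526_STYLE), ("p=107", OPENSSL_STYLE)):
        print(name, result)
```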