Hmm ... "the default DH parameters that are used during the SSL/TLS handshake when
ephemeral Diffie-Hellman (DHE) key exchange is used" so the documentation agrees that this is for the DHE.
But as mentioned so far I fail to put something in there that makes testssl to report 1024 bit.
./testssl.sh --pfs 10.253.194.137:443
...
DH group offered: RFC5114/2048-bit DSA group with 224-bit prime order subgroup (2048 bits)
Hmm ... "the default DH parameters that are used during the SSL/TLS handshake when
ephemeral Diffie-Hellman (DHE) key exchange is used" so the documentation agrees that this is for the DHE.
But as mentioned so far I fail to put something in there that makes testssl to report 1024 bit.
./testssl.sh --pfs 10.253.194.137:443
...
DH group offered: RFC5114/2048-bit DSA group with 224-bit prime order subgroup (2048 bits)