"Traditional finite-field-based Diffie-Hellman (DH) key exchange during the Transport Layer Security (TLS) handshake suffers from a number of security@ interoperability@ and efficiency shortcomings. These shortcomings arise from lack of clarity about which DH group parameters TLS servers should offer and clients should accept. This document offers a solution to these shortcomings for compatible peers by using a section of the TLS ""Supported Groups Registry"" (renamed from ""EC Named Curve Registry"" by this document) to establish common finite field DH parameters with known structure and a mechanism for peers to negotiate support for these groups. This document updates TLS versions 1.0 (RFC 2246)@ 1.1 (RFC 4346)@ and 1.2 (RFC 5246)@ as well as the TLS Elliptic Curve Cryptography (ECC) extensions (RFC 4492). "