@@ -62,18 +62,10 @@
 #define TLS_PROTO_TLS1_3 0x20
 #define ENABLED(flag, mask) (((flag) & (mask)) == (mask))
 #define SSLKEYLOGFILE "SSLKEYLOGFILE"
-/*
- * Static data structures
- */
-
-#ifndef OPENSSL_NO_DH
-#include "dh_params.h"
-#endif
-
 /*
 * Thread-Safe TLS Code
 */
 #ifdef TCL_THREADS
@@ -1910,15 +1902,21 @@
 if (!dh) {
 Tcl_AppendResult(interp, "Could not read DH parameters from file", (char *) NULL);
 SSL_CTX_free(ctx);
 return NULL;
 }
+ SSL_CTX_set_tmp_dh(ctx, dh);
+ DH_free(dh);
+
 } else {
- dh = get_dhParams();
+ /* Use well known DH parameters that have built-in support in OpenSSL */
+ if (!SSL_CTX_set_dh_auto(ctx, 1)) {
+ Tcl_AppendResult(interp, "Could not enable set DH auto: ", REASON(), (char *) NULL);
+ SSL_CTX_free(ctx);
+ return NULL;
+ }
 }
- SSL_CTX_set_tmp_dh(ctx, dh);
- DH_free(dh);
 }
 #endif
 /* set our certificate */
 load_private_key = 0;
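Review bot: The `SSL_CTX_set_tmp_dh(ctx, dh);` call that the second hunk moves into the file-parameters branch still ignores its return value, while the new `SSL_CTX_set_dh_auto` branch beside it checks for failure. OpenSSL returns 0 from this call when it does not accept the parameters (as far as I know this includes parameters below the configured security level). A rejected parameter file would then leave the context without DH parameters and with no error reported to the caller. The branch should fail the same way the else branch does, freeing `dh` on both paths. The enclosing function and the condition that selects this branch lie outside the hunk, so the surrounding cleanup conventions should be confirmed there.

```c
	    /* … unchanged: DH parameters read from file, NULL check … */
	    if (!SSL_CTX_set_tmp_dh(ctx, dh)) {
		Tcl_AppendResult(interp, "Could not set DH parameters: ", REASON(), (char *) NULL);
		DH_free(dh);
		SSL_CTX_free(ctx);
		return NULL;
	    }
	    DH_free(dh);
	} else {
	    /* … unchanged: SSL_CTX_set_dh_auto branch … */
```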