diff --git a/src/crypto/tls_internal.c b/src/crypto/tls_internal.c
index 8095b43bd..d7c4743c2 100644
--- a/src/crypto/tls_internal.c
+++ b/src/crypto/tls_internal.c
@@ -281,13 +281,6 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
 		return -1;
 	}
 
-	if (tlsv1_set_dhparams(cred, params->dh_file, params->dh_blob,
-			       params->dh_blob_len)) {
-		wpa_printf(MSG_INFO, "TLS: Failed to load DH parameters");
-		tlsv1_cred_free(cred);
-		return -1;
-	}
-
 	if (tlsv1_client_set_cred(conn->client, cred) < 0) {
 		tlsv1_cred_free(cred);
 		return -1;
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index d1ec415dc..553236b63 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -3940,80 +3940,6 @@ static int tls_global_private_key(struct tls_data *data,
 }
 
 
-static int tls_connection_dh(struct tls_connection *conn, const char *dh_file)
-{
-#ifdef OPENSSL_NO_DH
-	if (dh_file == NULL)
-		return 0;
-	wpa_printf(MSG_ERROR, "TLS: openssl does not include DH support, but "
-		   "dh_file specified");
-	return -1;
-#else /* OPENSSL_NO_DH */
-	DH *dh;
-	BIO *bio;
-
-	/* TODO: add support for dh_blob */
-	if (dh_file == NULL)
-		return 0;
-	if (conn == NULL)
-		return -1;
-
-	bio = BIO_new_file(dh_file, "r");
-	if (bio == NULL) {
-		wpa_printf(MSG_INFO, "TLS: Failed to open DH file '%s': %s",
-			   dh_file, ERR_error_string(ERR_get_error(), NULL));
-		return -1;
-	}
-	dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
-	BIO_free(bio);
-#ifndef OPENSSL_NO_DSA
-	while (dh == NULL) {
-		DSA *dsa;
-		wpa_printf(MSG_DEBUG, "TLS: Failed to parse DH file '%s': %s -"
-			   " trying to parse as DSA params", dh_file,
-			   ERR_error_string(ERR_get_error(), NULL));
-		bio = BIO_new_file(dh_file, "r");
-		if (bio == NULL)
-			break;
-		dsa = PEM_read_bio_DSAparams(bio, NULL, NULL, NULL);
-		BIO_free(bio);
-		if (!dsa) {
-			wpa_printf(MSG_DEBUG, "TLS: Failed to parse DSA file "
-				   "'%s': %s", dh_file,
-				   ERR_error_string(ERR_get_error(), NULL));
-			break;
-		}
-
-		wpa_printf(MSG_DEBUG, "TLS: DH file in DSA param format");
-		dh = DSA_dup_DH(dsa);
-		DSA_free(dsa);
-		if (dh == NULL) {
-			wpa_printf(MSG_INFO, "TLS: Failed to convert DSA "
-				   "params into DH params");
-			break;
-		}
-		break;
-	}
-#endif /* !OPENSSL_NO_DSA */
-	if (dh == NULL) {
-		wpa_printf(MSG_INFO, "TLS: Failed to read/parse DH/DSA file "
-			   "'%s'", dh_file);
-		return -1;
-	}
-
-	if (SSL_set_tmp_dh(conn->ssl, dh) != 1) {
-		wpa_printf(MSG_INFO, "TLS: Failed to set DH params from '%s': "
-			   "%s", dh_file,
-			   ERR_error_string(ERR_get_error(), NULL));
-		DH_free(dh);
-		return -1;
-	}
-	DH_free(dh);
-	return 0;
-#endif /* OPENSSL_NO_DH */
-}
-
-
 static int tls_global_dh(struct tls_data *data, const char *dh_file)
 {
 #ifdef OPENSSL_NO_DH
@@ -5225,12 +5151,6 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
 		return -1;
 	}
 
-	if (tls_connection_dh(conn, params->dh_file)) {
-		wpa_printf(MSG_INFO, "TLS: Failed to load DH file '%s'",
-			   params->dh_file);
-		return -1;
-	}
-
 	ciphers = params->openssl_ciphers;
 #ifdef CONFIG_SUITEB
 #ifdef OPENSSL_IS_BORINGSSL
diff --git a/src/crypto/tls_wolfssl.c b/src/crypto/tls_wolfssl.c
index cf482bfc3..f5cf85df3 100644
--- a/src/crypto/tls_wolfssl.c
+++ b/src/crypto/tls_wolfssl.c
@@ -420,44 +420,6 @@ static int tls_connection_set_subject_match(struct tls_connection *conn,
 }
 
 
-static int tls_connection_dh(struct tls_connection *conn, const char *dh_file,
-			     const u8 *dh_blob, size_t blob_len)
-{
-	if (!dh_file && !dh_blob)
-		return 0;
-
-	wolfSSL_set_accept_state(conn->ssl);
-
-	if (dh_blob) {
-		if (wolfSSL_SetTmpDH_buffer(conn->ssl, dh_blob, blob_len,
-					    SSL_FILETYPE_ASN1) < 0) {
-			wpa_printf(MSG_INFO, "SSL: use DH DER blob failed");
-			return -1;
-		}
-		wpa_printf(MSG_DEBUG, "SSL: use DH blob OK");
-		return 0;
-	}
-
-	if (dh_file) {
-		wpa_printf(MSG_INFO, "SSL: use DH PEM file: %s", dh_file);
-		if (wolfSSL_SetTmpDH_file(conn->ssl, dh_file,
-					  SSL_FILETYPE_PEM) < 0) {
-			wpa_printf(MSG_INFO, "SSL: use DH PEM file failed");
-			if (wolfSSL_SetTmpDH_file(conn->ssl, dh_file,
-						  SSL_FILETYPE_ASN1) < 0) {
-				wpa_printf(MSG_INFO,
-					   "SSL: use DH DER file failed");
-				return -1;
-			}
-		}
-		wpa_printf(MSG_DEBUG, "SSL: use DH file OK");
-		return 0;
-	}
-
-	return 0;
-}
-
-
 static int tls_connection_client_cert(struct tls_connection *conn,
 				      const char *client_cert,
 				      const u8 *client_cert_blob,
@@ -1289,12 +1251,6 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
 		return -1;
 	}
 
-	if (tls_connection_dh(conn, params->dh_file, params->dh_blob,
-			      params->dh_blob_len) < 0) {
-		wpa_printf(MSG_INFO, "Error setting DH");
-		return -1;
-	}
-
 	if (params->openssl_ciphers &&
 	    wolfSSL_set_cipher_list(conn->ssl, params->openssl_ciphers) != 1) {
 		wpa_printf(MSG_INFO,