diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index f009a3169b..6742925f2a 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -71,7 +71,6 @@ int main(void)
 #define DFL_MFL_CODE            MBEDTLS_SSL_MAX_FRAG_LEN_NONE
 #define DFL_TRUNC_HMAC          -1
 #define DFL_RECSPLIT            -1
-#define DFL_DHMLEN              -1
 #define DFL_RECONNECT           0
 #define DFL_RECO_SERVER_NAME    NULL
 #define DFL_RECO_DELAY          0
@@ -234,13 +233,6 @@ int main(void)
 #define USAGE_MAX_FRAG_LEN ""
 #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
 
-#if defined(MBEDTLS_DHM_C)
-#define USAGE_DHMLEN \
-    "    dhmlen=%%d           default: (library default: 1024 bits)\n"
-#else
-#define USAGE_DHMLEN
-#endif
-
 #if defined(MBEDTLS_SSL_ALPN)
 #define USAGE_ALPN \
     "    alpn=%%s             default: \"\" (disabled)\n"   \
@@ -433,7 +425,6 @@ int main(void)
     USAGE_GROUPS                                            \
     USAGE_SIG_ALGS                                          \
     USAGE_EARLY_DATA                                        \
-    USAGE_DHMLEN                                            \
     USAGE_KEY_OPAQUE_ALGS                                   \
     "\n"
 
@@ -508,7 +499,6 @@ struct options {
     unsigned char mfl_code;     /* code for maximum fragment length         */
     int trunc_hmac;             /* negotiate truncated hmac or not          */
     int recsplit;               /* enable record splitting?                 */
-    int dhmlen;                 /* minimum DHM params len in bits           */
     int reconnect;              /* attempt to resume session                */
     const char *reco_server_name;     /* hostname of the server (re-connect)     */
     int reco_delay;             /* delay in seconds before resuming session */
@@ -956,7 +946,6 @@ int main(int argc, char *argv[])
     opt.mfl_code            = DFL_MFL_CODE;
     opt.trunc_hmac          = DFL_TRUNC_HMAC;
     opt.recsplit            = DFL_RECSPLIT;
-    opt.dhmlen              = DFL_DHMLEN;
     opt.reconnect           = DFL_RECONNECT;
     opt.reco_server_name    = DFL_RECO_SERVER_NAME;
     opt.reco_delay          = DFL_RECO_DELAY;
@@ -1388,11 +1377,6 @@ usage:
             if (opt.recsplit < 0 || opt.recsplit > 1) {
                 goto usage;
             }
-        } else if (strcmp(p, "dhmlen") == 0) {
-            opt.dhmlen = atoi(q);
-            if (opt.dhmlen < 0) {
-                goto usage;
-            }
         } else if (strcmp(p, "query_config") == 0) {
             opt.query_config_mode = 1;
             query_config_ret = query_config(q);
@@ -1898,12 +1882,6 @@ usage:
     }
 #endif
 
-#if defined(MBEDTLS_DHM_C)
-    if (opt.dhmlen != DFL_DHMLEN) {
-        mbedtls_ssl_conf_dhm_min_bitlen(&conf, opt.dhmlen);
-    }
-#endif
-
 #if defined(MBEDTLS_SSL_ALPN)
     if (opt.alpn_string != NULL) {
         if ((ret = mbedtls_ssl_conf_alpn_protocols(&conf, alpn_list)) != 0) {
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index d9e57018ae..dc7ca8f51c 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -58,7 +58,6 @@ int main(void)
 #endif
 
 #include "mbedtls/pk.h"
-#include "mbedtls/dhm.h"
 
 /* Size of memory to be allocated for the heap, when using the library's memory
  * management and MBEDTLS_MEMORY_BUFFER_ALLOC_C is enabled. */
@@ -127,7 +126,6 @@ int main(void)
 #define DFL_EARLY_DATA          -1
 #define DFL_MAX_EARLY_DATA_SIZE ((uint32_t) -1)
 #define DFL_SIG_ALGS            NULL
-#define DFL_DHM_FILE            NULL
 #define DFL_TRANSPORT           MBEDTLS_SSL_TRANSPORT_STREAM
 #define DFL_COOKIES             1
 #define DFL_ANTI_REPLAY         -1
@@ -192,9 +190,7 @@ int main(void)
     "                        note: if neither crt_file/key_file nor crt_file2/key_file2 are used,\n" \
     "                              preloaded certificate(s) and key(s) are used if available\n" \
     "    key_pwd2=%%s         Password for key specified by key_file2 argument\n" \
-    "                        default: none\n" \
-    "    dhm_file=%%s        File containing Diffie-Hellman parameters\n" \
-    "                       default: preloaded parameters\n"
+    "                        default: none\n"
 #else
 #define USAGE_IO \
     "\n"                                                    \
@@ -675,7 +671,6 @@ struct options {
     const char *groups;         /* list of supported groups                 */
     const char *sig_algs;       /* supported TLS 1.3 signature algorithms   */
     const char *alpn_string;    /* ALPN supported protocols                 */
-    const char *dhm_file;       /* the file with the DH parameters          */
     int extended_ms;            /* allow negotiation of extended MS?        */
     int etm;                    /* allow negotiation of encrypt-then-MAC?   */
     int transport;              /* TLS or DTLS?                             */
@@ -1590,9 +1585,6 @@ int main(int argc, char *argv[])
 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
     ssl_async_key_context_t ssl_async_keys;
 #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
-#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO)
-    mbedtls_dhm_context dhm;
-#endif
 #if defined(MBEDTLS_SSL_CACHE_C)
     mbedtls_ssl_cache_context cache;
 #endif
@@ -1681,9 +1673,6 @@ int main(int argc, char *argv[])
 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
     memset(&ssl_async_keys, 0, sizeof(ssl_async_keys));
 #endif
-#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO)
-    mbedtls_dhm_init(&dhm);
-#endif
 #if defined(MBEDTLS_SSL_CACHE_C)
     mbedtls_ssl_cache_init(&cache);
 #endif
@@ -1793,7 +1782,6 @@ int main(int argc, char *argv[])
     opt.max_early_data_size = DFL_MAX_EARLY_DATA_SIZE;
 #endif
     opt.sig_algs            = DFL_SIG_ALGS;
-    opt.dhm_file            = DFL_DHM_FILE;
     opt.transport           = DFL_TRANSPORT;
     opt.cookies             = DFL_COOKIES;
     opt.anti_replay         = DFL_ANTI_REPLAY;
@@ -1943,8 +1931,6 @@ usage:
             opt.key_file2 = q;
         } else if (strcmp(p, "key_pwd2") == 0) {
             opt.key_pwd2 = q;
-        } else if (strcmp(p, "dhm_file") == 0) {
-            opt.dhm_file = q;
         }
 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
         else if (strcmp(p, "async_operations") == 0) {
@@ -2787,21 +2773,6 @@ usage:
                    key_cert_init2 ? mbedtls_pk_get_name(&pkey2) : "none");
 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
 
-#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO)
-    if (opt.dhm_file != NULL) {
-        mbedtls_printf("  . Loading DHM parameters...");
-        fflush(stdout);
-
-        if ((ret = mbedtls_dhm_parse_dhmfile(&dhm, opt.dhm_file)) != 0) {
-            mbedtls_printf(" failed\n  ! mbedtls_dhm_parse_dhmfile returned -0x%04X\n\n",
-                           (unsigned int) -ret);
-            goto exit;
-        }
-
-        mbedtls_printf(" ok\n");
-    }
-#endif
-
 #if defined(SNI_OPTION)
     if (opt.sni != NULL) {
         mbedtls_printf("  . Setting up SNI information...");
@@ -3269,22 +3240,6 @@ usage:
     }
 #endif
 
-#if defined(MBEDTLS_DHM_C)
-    /*
-     * Use different group than default DHM group
-     */
-#if defined(MBEDTLS_FS_IO)
-    if (opt.dhm_file != NULL) {
-        ret = mbedtls_ssl_conf_dh_param_ctx(&conf, &dhm);
-    }
-#endif
-    if (ret != 0) {
-        mbedtls_printf("  failed\n  mbedtls_ssl_conf_dh_param returned -0x%04X\n\n",
-                       (unsigned int) -ret);
-        goto exit;
-    }
-#endif
-
     if (opt.min_version != DFL_MIN_VERSION) {
         mbedtls_ssl_conf_min_tls_version(&conf, opt.min_version);
     }
@@ -4284,10 +4239,6 @@ exit:
 #endif
 #endif
 
-#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO)
-    mbedtls_dhm_free(&dhm);
-#endif
-
 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
     for (i = 0; (size_t) i < ssl_async_keys.slots_used; i++) {
         if (ssl_async_keys.slots[i].pk_owned) {