diff --git a/src/common/crypto.c b/src/common/crypto.c
index aeaabafb0c..790ea1646c 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -224,13 +224,15 @@ try_load_engine(const char *path, const char *engine)
 /** Initialize the crypto library.  Return 0 on success, -1 on failure.
  */
 int
-crypto_global_init(int useAccel, const char *accelName, const char *accelDir)
+crypto_global_init(int useAccel, const char *accelName, const char *accelDir,
+                   int DynamicPrimes)
 {
   if (!_crypto_global_initialized) {
     ERR_load_crypto_strings();
     OpenSSL_add_all_algorithms();
     _crypto_global_initialized = 1;
     setup_openssl_threading();
+    use_dynamic_primes = DynamicPrimes;
     if (useAccel > 0) {
 #ifdef DISABLE_ENGINES
       (void)accelName;
@@ -1815,6 +1817,8 @@ static BIGNUM *dh_param_p = NULL;
 static BIGNUM *dh_param_p_tls = NULL;
 /** Shared G parameter for our DH key exchanges. */
 static BIGNUM *dh_param_g = NULL;
+/** True if we use dynamic primes. */
+static int use_dynamic_primes = 0;
 
 /** Generate and return a reasonable and safe DH parameter p. */
 static BIGNUM *generate_rakshasa_prime(void)
@@ -1871,13 +1875,8 @@ init_dh_param(void)
   r = BN_set_word(g, generator);
   tor_assert(r);
 
-  /* Are we generating a random DH parameter?*/
-  log_notice(LD_OR, "Do we want to generate a Rakshasa prime?");
-  rakshasa = get_rakshasa();
-  log_notice(LD_OR, "We think: %i?", rakshasa);
-
   /* This implements the prime number strategy outlined in prop 179 */
-  if (rakshasa == 1) {
+  if (use_dynamic_primes) {
     rakshasa_prime = generate_rakshasa_prime();
   }
 
diff --git a/src/common/crypto.h b/src/common/crypto.h
index 2929a2effb..99c52b1c42 100644
--- a/src/common/crypto.h
+++ b/src/common/crypto.h
@@ -87,7 +87,8 @@ typedef struct crypto_dh_env_t crypto_dh_env_t;
 /* global state */
 int crypto_global_init(int hardwareAccel,
                        const char *accelName,
-                       const char *accelPath);
+                       const char *accelPath,
+                       int DynamicPrimes);
 void crypto_thread_cleanup(void);
 int crypto_global_cleanup(void);
 
diff --git a/src/or/config.c b/src/or/config.c
index 06d7d5c022..4766b24196 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -247,6 +247,7 @@ static config_var_t _option_vars[] = {
   VAR("DirServer",               LINELIST, DirServers, NULL),
   V(DisableAllSwap,              BOOL,     "0"),
   V(DisableIOCP,                 BOOL,     "1"),
+  V(DynamicPrimes,               BOOL,     "1"),
   V(DNSPort,                     LINELIST, NULL),
   V(DNSListenAddress,            LINELIST, NULL),
   V(DownloadExtraInfo,           BOOL,     "0"),
diff --git a/src/or/main.c b/src/or/main.c
index 7008d388a1..3c75e1c645 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -2275,7 +2275,8 @@ tor_init(int argc, char *argv[])
 
   if (crypto_global_init(get_options()->HardwareAccel,
                          get_options()->AccelName,
-                         get_options()->AccelDir)) {
+                         get_options()->AccelDir,
+                         get_options()->DynamicPrimes)) {
     log_err(LD_BUG, "Unable to initialize OpenSSL. Exiting.");
     return -1;
   }
diff --git a/src/or/or.h b/src/or/or.h
index 67ba62bdd6..b2ea3bc7a7 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -2873,6 +2873,8 @@ typedef struct {
   char *Address; /**< OR only: configured address for this onion router. */
   char *PidFile; /**< Where to store PID of Tor process. */
 
+  int DynamicPrimes; /**< Enable dynamic generation of primes for use in DH. */
+
   routerset_t *ExitNodes; /**< Structure containing nicknames, digests,
                            * country codes and IP address patterns of ORs to
                            * consider as exits. */
diff --git a/src/or/router.c b/src/or/router.c
index b6b96a5fff..414d346bfa 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -514,7 +514,8 @@ init_keys(void)
    * openssl to initialize itself. */
   if (crypto_global_init(get_options()->HardwareAccel,
                          get_options()->AccelName,
-                         get_options()->AccelDir)) {
+                         get_options()->AccelDir,
+                         get_options()->DynamicPrimes)) {
     log_err(LD_BUG, "Unable to initialize OpenSSL. Exiting.");
     return -1;
   }
diff --git a/src/test/test.c b/src/test/test.c
index d4edf1484b..26a55d13f2 100644
--- a/src/test/test.c
+++ b/src/test/test.c
@@ -1903,7 +1903,7 @@ main(int c, const char **v)
   }
 
   options->command = CMD_RUN_UNITTESTS;
-  if (crypto_global_init(0, NULL, NULL)) {
+  if (crypto_global_init(0, NULL, NULL, 1)) {
     printf("Can't initialize crypto subsystem; exiting.\n");
     return 1;
   }
diff --git a/src/tools/tor-checkkey.c b/src/tools/tor-checkkey.c
index 94c8cbd44c..55480b4881 100644
--- a/src/tools/tor-checkkey.c
+++ b/src/tools/tor-checkkey.c
@@ -31,7 +31,7 @@ main(int c, char **v)
     return 1;
   }
 
-  if (crypto_global_init(0, NULL, NULL)) {
+  if (crypto_global_init(0, NULL, NULL, 0)) {
     fprintf(stderr, "Couldn't initialize crypto library.\n");
     return 1;
   }
diff --git a/src/tools/tor-gencert.c b/src/tools/tor-gencert.c
index 974a58becf..b9f16d9929 100644
--- a/src/tools/tor-gencert.c
+++ b/src/tools/tor-gencert.c
@@ -508,7 +508,7 @@ main(int argc, char **argv)
   init_logging();
 
   /* Don't bother using acceleration. */
-  if (crypto_global_init(0, NULL, NULL)) {
+  if (crypto_global_init(0, NULL, NULL, 0)) {
     fprintf(stderr, "Couldn't initialize crypto library.\n");
     return 1;
   }