diff --git a/ChangeLog.txt b/ChangeLog.txt
index 5be1bc2f5a..d762a3f541 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -1,6 +1,8 @@
 Broker:
 - Fix websockets connections on Windows blocking subsequent connections. Closes #1934.
+- Fix DH group not being set for TLS connections, which meant ciphers using
+ DHE couldn't be used. Closes #1925. Closes #1476.
 Apps:
 - Fix `mosquitto_passwd -U`
diff --git a/src/net.c b/src/net.c
index b4cfdcb758..b274458233 100644
--- a/src/net.c
+++ b/src/net.c
@@ -373,6 +373,9 @@ int net__tls_server_ctx(struct mosquitto__listener *listener)
 SSL_CTX_set_ecdh_auto(listener->ssl_ctx, 1);
 #endif
 #endif
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ SSL_CTX_set_dh_auto(listener->ssl_ctx, 1);
+#endif
 #ifdef SSL_OP_NO_RENEGOTIATION
 SSL_CTX_set_options(listener->ssl_ctx, SSL_OP_NO_RENEGOTIATION);
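Review bot: The added `SSL_CTX_set_dh_auto(listener->ssl_ctx, 1);` in the src/net.c hunk is enabled unconditionally and without a comment, so the hunk does not show how it interacts with DH parameters an operator might configure explicitly for the listener. As far as I recall, OpenSSL 1.1.x uses the automatically chosen group in preference to one installed with `SSL_CTX_set_tmp_dh()` once auto mode is on. If this listener can load its own parameters elsewhere (not visible here), the call should probably be skipped in that case; please confirm. The `#if OPENSSL_VERSION_NUMBER >= 0x10100000L` guard also leaves builds against older OpenSSL without any DH group, which deserves a comment above the block such as `/* OpenSSL >= 1.1.0: use built-in DH parameters matched to the certificate key size; older builds still cannot negotiate DHE */`. The body of net__tls_server_ctx starts and ends outside the hunk.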