Move /etc/ssl/private/dhparams.pem to /etc/ssl/dhparams.pem and make it public.

Ideally we we should also increase the Diffie-Hellman group size from 2048-bit to 3072-bit, as per ENISA 2014 report. https://www.enisa.europa.eu/publications/algorithms-key-size-and-parameters-report-2014 But we postpone that for now until we are reasonably certain that older client won't be left out.
author: Guilhem Moulin <guilhem@fripost.org> 2016-05-18 17:55:40 +0200
committer: Guilhem Moulin <guilhem@fripost.org> 2016-05-18 17:55:44 +0200
commit: cda53ea254de51eb46cb0f53f7d33b9a0f794bfc (patch)
tree: e23452acbeb0f233a323ebac0abdc9c8d3dd9d1d /roles/common-web
parent: 5425ed1ffa2953abdfdc819841665260dd38701d (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/roles/common-web/files/etc/nginx/snippets/ssl.conf b/roles/common-web/files/etc/nginx/snippets/ssl.conf
index 1d40ce6..4af4d53 100644
--- a/roles/common-web/files/etc/nginx/snippets/ssl.conf
+++ b/roles/common-web/files/etc/nginx/snippets/ssl.conf
@@ -11,7 +11,7 @@ ssl_session_cache shared:SSL:50m;
 ssl_session_tickets off;
 
 # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
-ssl_dhparam /etc/ssl/private/dhparams.pem;
+ssl_dhparam /etc/ssl/dhparams.pem;
 
 # intermediate configuration. tweak to your needs.
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
author	Guilhem Moulin <guilhem@fripost.org>	2016-05-18 17:55:40 +0200
committer	Guilhem Moulin <guilhem@fripost.org>	2016-05-18 17:55:44 +0200
commit	cda53ea254de51eb46cb0f53f7d33b9a0f794bfc (patch)
tree	e23452acbeb0f233a323ebac0abdc9c8d3dd9d1d /roles/common-web
parent	5425ed1ffa2953abdfdc819841665260dd38701d (diff)