From 64e8603cf9790aa4419d0f2746671bd242e6344d Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Tue, 26 May 2015 00:55:19 +0200
Subject: logjam mitigation.

---
 roles/common-web/files/etc/nginx/ssl/config | 1 +
 1 file changed, 1 insertion(+)

(limited to 'roles/common-web')

diff --git a/roles/common-web/files/etc/nginx/ssl/config b/roles/common-web/files/etc/nginx/ssl/config
index 7deef29..26a64f4 100644
--- a/roles/common-web/files/etc/nginx/ssl/config
+++ b/roles/common-web/files/etc/nginx/ssl/config
@@ -12,6 +12,7 @@ ssl_session_cache           shared:SSL:5m;
 # other weaknesses.
 ssl_protocols               TLSv1 TLSv1.1 TLSv1.2;
 ssl_ciphers                 HIGH:!SSLv2:!aNULL:!eNULL:!3DES:!MD5:@STRENGTH;
+ssl_dhparam                 /etc/ssl/private/dhparams.pem;
 ssl_prefer_server_ciphers   on;
 
 # Strict Transport Security header for enhanced security. See
-- 
cgit v1.2.3