From d9bcaa6c7a240c6463c079e99e321c9ed86d3b45 Mon Sep 17 00:00:00 2001
From: Christoph <ckubu@oopen.de>
Date: Tue, 24 Mar 2020 17:32:19 +0100
Subject: [PATCH] install_nginx.sh: generate DH parameters with option
 '-dsaparam' - no security risk but even faster.

---
 install_nginx.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/install_nginx.sh b/install_nginx.sh
index c6e70f3..e034f24 100755
--- a/install_nginx.sh
+++ b/install_nginx.sh
@@ -230,7 +230,7 @@ else
 			_failed=true
 		fi
 	fi
-	openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048 >> ${log_file}  2>&1
+	openssl dhparam -dsaparam -out /etc/nginx/ssl/dhparam.pem 2048 >> ${log_file}  2>&1
 	if [[ $? -ne 0 ]] ; then
 		_failed=true
 	fi
@@ -298,7 +298,7 @@ server {
    # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
    #
    # To generate a dhparam.pem file, run in a terminal
-   #    openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048
+   #    openssl dhparam -dsaparam -out /etc/nginx/ssl/dhparam.pem 2048
    #
    ssl_dhparam /etc/nginx/ssl/dhparam.pem;