use a hardcoded elliptic curve for DH
mjmeijerman committed Jan 8, 2024
1 parent e9b4e2c commit 6a63358
Showing 2 changed files with 21 additions and 4 deletions.
13 changes: 13 additions & 0 deletions files/ffdhe4096.pem
@@ -0,0 +1,13 @@
-----BEGIN DH PARAMETERS-----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-----END DH PARAMETERS-----
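--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -41,10 +41,14 @@
 - sites-available
 - sites-enabled
 
-- name: Generate Diffie-Hellman parameters
-command: "openssl dhparam -dsaparam -out /etc/nginx/dh{{ nginx_dhparam_bits }}.pem {{ nginx_dhparam_bits }}"
-args:
-creates: "/etc/nginx/dh{{ nginx_dhparam_bits }}.pem"
+- name: Copy dhparam file
+copy:
+src: ffdhe4096.pem
+dest: /etc/nginx/dh{{ nginx_dhparam_bits }}.pem
+owner: root
+group: root
+mode: 0644
+notify: Restart nginx
 
 - name: Write nginx.conf
 template: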
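Review bot: The copied file is always `ffdhe4096.pem`, but `dest` still builds its name from `nginx_dhparam_bits`, so a host with that variable set to another size ends up with, for example, a `dh2048.pem` that holds 4096-bit parameters, which misleads anyone auditing the TLS configuration by file name. The template that references this path is not visible here, so the least invasive fix is probably to keep the path and make the size explicit, either by failing early when the variable is not 4096 or by selecting the source from it, `src: "ffdhe{{ nginx_dhparam_bits }}.pem"`, with the matching group files shipped in `files/`. Separately, quote the templated path and the mode, `dest: "/etc/nginx/dh{{ nginx_dhparam_bits }}.pem"` and `mode: "0644"`, so the permission does not depend on how the YAML loader types a leading-zero integer. The task list continues outside the hunk on both sides.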
