https://quicktasks.ismael.casimpan.com/tags/ssllabs/Recent content in ssllabs on IT QuicktasksHugo -- gohugo.ioCopyright © 2018–2022, Ismael Casimpan Jr.; All Rights ReservedSun, 07 Jun 2020 00:20:25 +0800https://quicktasks.ismael.casimpan.com/post/weak-deffie-hellman-ratedb-ssllabs/Sun, 07 Jun 2020 00:20:25 +0800https://quicktasks.ismael.casimpan.com/post/weak-deffie-hellman-ratedb-ssllabs/ You can fix it by creating .a 'dhparam' file as follows in nginx: 1cd /etc/ssl/certs 2openssl dhparam -dsaparam -out ./dhparam.pem 4096 NOTE: "-dsaparam" is significant. Otherwise, it would take creation of dhparam.pem almost 24hours or more. See https://security.stackexchange.com/questions/95178/diffie-hellman-parameters-still-calculating-after-24-hours then add this to nginx config 1ssl_dhparam /etc/ssl/certs/dhparam.pem;