From be107963a7dc931322ba90f7d40d5feb46dd13b2 Mon Sep 17 00:00:00 2001
From: Benjamin Freitag <benchonaut@yandex.com>
Date: Mon, 15 Jun 2020 04:22:58 +0200
Subject: [PATCH] update key length  , speed up dhparam generation

---
 generate-dhparam.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/generate-dhparam.sh b/generate-dhparam.sh
index 4099dde..03b828c 100755
--- a/generate-dhparam.sh
+++ b/generate-dhparam.sh
@@ -1,7 +1,7 @@
 #!/bin/bash -e
 
-# The first argument is the bit depth of the dhparam, or 2048 if unspecified
-DHPARAM_BITS=${1:-2048}
+# The first argument is the bit depth of the dhparam, or 4096 if unspecified
+DHPARAM_BITS=${1:-4096}
 GENERATE_DHPARAM=${2:-true}
 
 # If a dhparam file is not available, use the pre-generated one and generate a new one in the background.
@@ -43,7 +43,7 @@ touch $GEN_LOCKFILE
 # Generate a new dhparam in the background in a low priority and reload nginx when finished (grep removes the progress indicator).
 (
     (
-        nice -n +5 openssl dhparam -out $DHPARAM_FILE.tmp $DHPARAM_BITS 2>&1 \
+        nice -n +5 openssl dhparam -dsaparam -out $DHPARAM_FILE.tmp $DHPARAM_BITS 2>&1 \
         && mv $DHPARAM_FILE.tmp $DHPARAM_FILE \
         && echo "dhparam generation complete, reloading nginx" \
         && nginx -s reload