From 042e3297e2fa7b568e39354dedace4b26ea9b297 Mon Sep 17 00:00:00 2001
From: Rafael dos Santos Silva <xfalcox@gmail.com>
Date: Thu, 22 Dec 2016 14:54:21 -0200
Subject: [PATCH] Use a 2048 dhparam again

4096 takes 16x as long, we can't allow several hours installs

https://meta.discourse.org/t/prime-calculation-for-openssl-just-goes-on/54653/5?u=falco
---
 templates/web.ssl.template.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/web.ssl.template.yml b/templates/web.ssl.template.yml
index 17cadad..b1ce928 100644
--- a/templates/web.ssl.template.yml
+++ b/templates/web.ssl.template.yml
@@ -3,7 +3,7 @@ run:
      cmd:
        # Generate strong Diffie-Hellman parameters
        - "mkdir -p /shared/ssl/"
-       - "[ -e /shared/ssl/dhparams.pem ] || openssl dhparam -out /shared/ssl/dhparams.pem 4096"
+       - "[ -e /shared/ssl/dhparams.pem ] || openssl dhparam -out /shared/ssl/dhparams.pem 2048"
   - replace:
      filename: "/etc/nginx/conf.d/discourse.conf"
      from: /server.+{/
-- 
2.25.1