From a10d1b50bf7859d5b2c156c7a2a75192b12541d1 Mon Sep 17 00:00:00 2001
From: Kuo-Cheng Yeu
Date: Thu, 21 May 2015 15:19:58 +0800
Subject: [PATCH] add support for ssl_dhparams to prevent 'Logjam' attack

---
 nginx.tmpl | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/nginx.tmpl b/nginx.tmpl
index e7a4542..50574c4 100644
--- a/nginx.tmpl
+++ b/nginx.tmpl
@@ -105,6 +105,10 @@ server {
 ssl_certificate /etc/nginx/certs/{{ (printf "%s.crt" $cert) }};
 ssl_certificate_key /etc/nginx/certs/{{ (printf "%s.key" $cert) }};
+ {{ if (exists (printf "/etc/nginx/certs/%s.dhparams.pem" $cert)) }}
+ ssl_dhparam {{ printf "/etc/nginx/certs/%s.dhparams.pem" $cert }};
+ {{ end }}
+
 add_header Strict-Transport-Security "max-age=31536000";
 {{ if (exists (printf "/etc/nginx/vhost.d/%s" $host)) }}
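Review bot: The new `{{ if (exists ...) }}` guard makes the Logjam mitigation opt-in and silent: a vhost whose `<cert>.dhparams.pem` is missing gets no `ssl_dhparam` line and keeps whatever DH group nginx falls back to, which on nginx builds of this era is presumably the built-in 1024-bit group the commit is trying to move away from. Nothing here constrains the size of the supplied file either, so a weak parameter file would be used as-is; I would state the expectation next to the directive, e.g. `{{/* optional: <cert>.dhparams.pem, generated with at least 2048 bits (openssl dhparam) */}}`, and name the file convention in the README. The path is also built twice; binding it once with `{{ $dhparam := printf "/etc/nginx/certs/%s.dhparams.pem" $cert }}` keeps the existence test and the directive from drifting apart. The enclosing `server` block starts and ends outside this hunk, so whether the cipher list still offers DHE suites cannot be checked from here.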