From 6783665241f0e0284caeac524d58784a2c973f5a Mon Sep 17 00:00:00 2001
From: nono <np@laquadrature.net>
Date: Fri, 5 Mar 2021 15:00:57 +0100
Subject: [PATCH] Added DHE keyfile

---
 tasks/install-webserver.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/tasks/install-webserver.yml b/tasks/install-webserver.yml
index 17a64ad..bc9067f 100644
--- a/tasks/install-webserver.yml
+++ b/tasks/install-webserver.yml
@@ -8,6 +8,16 @@
     group: www-data
     mode: 0644
 
+
+# Utilisation de cette clÃ© sur les recommendations de Mozilla https://wiki.mozilla.org/Security/Server_Side_TLS
+- name: TÃ©lÃ©chargement de la clÃ© ffdhe2048
+  get_url:
+    url: https://raw.githubusercontent.com/mozilla/ssl-config-generator/master/docs/ffdhe2048.txt
+    dest: /etc/ssl/ffdhe2048.pem
+    owner: root
+    group: root
+    mode: 0600
+
 - name: Activation de la configuration nginx pour HedgeDocs
   file:
     src: /etc/nginx/sites-available/hedgedocs-nginx.conf
-- 
GitLab