Closed vlejd closed 1 year ago
While there are reasonable reasons to generate custom Diffie-Hellman parameters (to prevent an attacker from amortizing precomputation costs across many potential targets), they are public parameters and are not secret; no direct security risk exists as a result of their reissue.
This image always uses the same /etc/nginx/dhparams.pem without regenerating them. This seems like a potentially easy-to-miss security hole for all people that used this to host a website.
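
For operators who want their own parameters rather than the copy every container of this image shares, one way to detect the shipped file and replace it (an added example, not part of the original thread or the image's own code). The function names are hypothetical, and the reference fingerprint is assumed to be computed by you from a pristine copy of the image.

```shell
#!/bin/sh
# Added example: detect whether a dhparams file is still the copy baked into
# an image, and replace it with freshly generated parameters if so.

# Fingerprint the PEM body only (whitespace and line endings ignored), so a
# re-wrapped copy of the same parameters still matches.
dh_fingerprint() {
    sed -n '/-----BEGIN DH PARAMETERS-----/,/-----END DH PARAMETERS-----/p' "$1" \
        | grep -v -- '-----' | tr -d ' \t\r\n' | sha256sum | cut -d' ' -f1
}

# Returns 0 when FILE carries the same parameters as the reference fingerprint.
is_shipped_default() {
    [ "$(dh_fingerprint "$1")" = "$2" ]
}

# Regenerate FILE when it is missing, empty, or still the shipped default.
# BITS defaults to 2048; generation can take a while.
ensure_own_dhparams() {
    file=$1 shipped_fp=$2 bits=${3:-2048}
    if [ -s "$file" ] && ! is_shipped_default "$file" "$shipped_fp"; then
        echo "kept"
        return 0
    fi
    # Write to a temp file in the same directory, then rename, so nginx never
    # sees a half-written parameter file.
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    if openssl dhparam -out "$tmp" "$bits" 2>/dev/null; then
        chmod 644 "$tmp" && mv "$tmp" "$file" && echo "regenerated"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Usage (SHIPPED_FP is a placeholder: run dh_fingerprint on the file from an
# untouched copy of the image to obtain it):
#   ensure_own_dhparams /etc/nginx/dhparams.pem "$SHIPPED_FP"
```

Run it at container start, before nginx loads its configuration, and reload nginx if it reports `regenerated` on an already running instance.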