From 9906617aa1f60a5a0fec8de73d4c2b34cd5a1278 Mon Sep 17 00:00:00 2001
From: Alexandre Aubin
Date: Thu, 4 Jun 2020 18:41:05 +0200
Subject: [PATCH] Add comments about where the DH param comes from
---
 data/templates/nginx/security.conf.inc | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/data/templates/nginx/security.conf.inc b/data/templates/nginx/security.conf.inc
index e221dc0ff..9de40f9cf 100644
--- a/data/templates/nginx/security.conf.inc
+++ b/data/templates/nginx/security.conf.inc
@@ -15,6 +15,8 @@ ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDS
 ssl_prefer_server_ciphers off;
 # Pre-defined FFDHE group (RFC 7919)
+# From https://ssl-config.mozilla.org/ffdhe2048.txt
+# https://security.stackexchange.com/a/149818
 ssl_dhparam /etc/ssl/dh2048.pem;
 # Follows the Web Security Directives from the Mozilla Dev Lab and the Mozilla Obervatory + Partners
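Review bot: The two added comment lines record a download URL, but nothing in this hunk ties `/etc/ssl/dh2048.pem` to that source: the path is a generic name, and the hunk does not show where the file is installed or whether its contents are checked. I would extend the comment to say how the file gets there and that it must stay the unmodified RFC 7919 ffdhe2048 group, for example `# Installed as /etc/ssl/dh2048.pem by <install step>; must match the published ffdhe2048 parameters`. The second URL is bare; a few words on what it is cited for (presumably the rationale for a standard group over locally generated parameters) would tell the reader why it is there and keep the comment useful if the link dies. If the file is fetched at install time rather than shipped in the repository, which is not visible here, a pinned checksum next to the download would be worth adding.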