StartSSL and NGINX update

Previous post was this showing how to get an A+ rating on SSL Labs. It has changed a bit since then with the introduction of the Logjam. Here's how to get that B rating back to A+.

Create a unique DH group:

sudo openssl dhparam -out dhparams.pem 2048

Update your server block:

ssl_dhparam /var/www/site/dhparams.pem;

Reload NGINX and you're done.