faster better dhparams that actually get used

bundles/nginx/files/nginx.conf

@@ -21,6 +21,7 @@ http {
     server_names_hash_bucket_size 128;
     tcp_nopush on;
     client_max_body_size 32G;
+    ssl_dhparam "/etc/nginx/dhparams.pem";
 
     % if node.has_bundle('php'):
     upstream php-handler {

bundles/nginx/items.py

@@ -76,7 +76,7 @@ files = {
 
 actions = {
     'nginx-generate-dhparam': {
-        'command': 'openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048',
+        'command': 'openssl dhparam -dsaparam -out /etc/ssl/certs/dhparam.pem 4096',
         'unless': 'test -f /etc/ssl/certs/dhparam.pem',
     },
 }