

Getting A+ on SSLLabs with Nginx and StartSSL - mijndert
https://mijndertstuij.nl/getting-a-on-ssllabs-with-nginx-startssl/

======
ivanr
I would recommend that you reduce the DH parameter strength to 2048 bits.
You're not noticing it now because most clients end up using ECDHE, but
4096-bit DH parameters are _very_ slow and yet don't provide any meaningful
increase in security.

~~~
mijndert
I'll look into that. Thanks!

