From 026ba7cdac0868834ba63116b2d7d0a2793f4439 Mon Sep 17 00:00:00 2001 From: Steve Kamerman Date: Sun, 18 Jun 2017 21:30:59 -0400 Subject: [PATCH] Added DHParam compatibility note --- README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.md b/README.md index 3ad39f9..df3e838 100644 --- a/README.md +++ b/README.md @@ -184,6 +184,11 @@ at startup. Since it can take minutes to generate a new `dhparam.pem`, it is do background. Once generation is complete, the `dhparams.pem` is saved on a persistent volume and nginx is reloaded. This generation process only occurs the first time you start `nginx-proxy`. +> COMPATIBILITY WARNING: The default generated `dhparam.pem` key is 2048 bits for A+ security. Some +> older clients (like Java 6 and 7) do not support DH keys with over 1024 bits. In order to support these +> clients, you must either provide your own `dhparam.pem`, or tell `nginx-proxy` to generate a 1024-bit +> key on startup by passing `-e DHPARAM_BITS=1024`. + #### Wildcard Certificates Wildcard certificates and keys should be named after the domain name with a `.crt` and `.key` extension.
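Review bot: In the added COMPATIBILITY WARNING, `-e DHPARAM_BITS=1024` is offered without stating what it costs: a 1024-bit DH group is weaker than the 2048-bit default, and the text gives no hint that this is a downgrade to be used only when Java 6 and 7 clients must be supported. Suggest adding a sentence that says so. The unchanged context above states that generation only occurs the first time `nginx-proxy` starts and that the result is saved on a persistent volume, so the note should also say whether setting `DHPARAM_BITS` has any effect once a generated file already exists there. Three wording points: the warning calls the file a "key" although it holds DH parameters, "A+ security" does not say which rating is meant, and the new lines write `dhparam.pem` while the context line writes `dhparams.pem`, so pick one spelling.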