Research whether the generation speed of Diffie-Hellman parameters for SSL can be improved without compromising security.
Idea: add the -dsaparam option to the openssl dhparam call.
If this option is used, DSA rather than DH parameters are read or created; they are converted to DH format. Otherwise, "strong" primes (such that (p-1)/2 is also prime) will be used for DH parameter generation. DH parameter generation with the -dsaparam option is much faster, and the recommended exponent length is shorter, which makes DH key exchange more efficient. Beware that with such DSA-style DH parameters, a fresh DH key should be created for each use to avoid small-subgroup attacks that may be possible otherwise.
Background: The currently used /usr/bin/openssl dhparam -out /etc/ssl/private/dhparams.pem 4096 takes a long time, especially on VMs, which hinders setting up new dev/test machines with playbooks that contain this step.