Research if generation speed of Diffie-Hellman parameters for SSL can be improved w/o compromising on security.
Idea: adding `-dsaparam` to openssl
> If this option is used, DSA rather than DH parameters are read or created; they are converted to DH format. Otherwise, "strong" primes (such that (p-1)/2 is also prime) will be used for DH parameter generation. DH parameter generation with the -dsaparam option is much faster, and the recommended exponent length is shorter, which makes DH key exchange more efficient. Beware that with such DSA-style DH parameters, a fresh DH key should be created for each use to avoid small-subgroup attacks that may be possible otherwise.
Background: The currently used `/usr/bin/openssl dhparam -out /etc/ssl/private/dhparams.pem 4096` takes its fine time, especially running on VMs, which is a hindrance in setting up new dev/test machines with playbooks containing this step.
Reads:
* https://security.stackexchange.com/a/95184
* https://news.ycombinator.com/item?id=10391576
* https://security.stackexchange.com/a/54367