Added dh1024 and dh2048 sites, in response to the logjam mess.

certs/dh1024.pem

@@ -0,0 +1,5 @@
+-----BEGIN DH PARAMETERS-----
+MIGHAoGBAJK00b6qK/4V0I3957Ms/HEymiq79cjUjGZnf5XIiPcbpmt8RCyj3nCE
+XwcuBQE1UvthNE0kPvF1zxvcVqJD0pBIcqqSgFr0VvD0KXzs9EHuAFPv3SVp30Qx
+6wxps3ipcu2rWcsznrOxlu/qr5QbxUCv9e0TqmJ9uc/+4NzYOGv7AgEC
+-----END DH PARAMETERS-----

certs/dh2048.pem

@@ -0,0 +1,8 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEAkEMnd7CimroxGmWKEWZPWpbJ7YtMyzDciP44YvAudTR/LUXkUTX4
+dheDXjdvqxwX7ma+Y9gokQXZPizbMSswaKIw5ccefLADwP6VZhsMQRagCZGsPLET
+epdhATgU2NhO6RBpfdbqeoG4IgStL4qCbsrRlxuIuFA/D2QVJDTZAZY47vxvTR/I
+19rMA8EIvlI7L0dLlsL1PJDreBvHJOqcKGTDeyTqEwlaMY52VZ4FQ8Z9hCOvgRew
+KK07HS96O8KWT/V5FPb75R8gueQg+fSzDOrrNs2sbRUhgeFf3gMdGAJGS0mpFPpx
+qvrL/jiqqKvvDpTzcO9vF/pVVnwDv0rpuwIBAg==
+-----END DH PARAMETERS-----

domains/badssl.com/index.html

@@ -159,6 +159,8 @@
     <a href="https://subdomain.preloaded-hsts.badssl.com/" class="more bad">subdomain.<br>preloaded-hsts</a>
     <a href="https://dh480.badssl.com/" class="more bad">dh480</a>
     <a href="https://dh512.badssl.com/" class="more bad">dh512</a>
+    <a href="https://dh1024.badssl.com/" class="more dubious">dh1024</a>
+    <a href="https://dh2048.badssl.com/" class="more good">dh2048</a>
     <a href="https://incomplete-chain.badssl.com/" class="more orange">incomplete-chain</a>
     <a href="https://rc4-md5.badssl.com/" class="more neutral">rc4-md5</a>
     <div id="ua"></div>

domains/dh1024.badssl.com.conf

@@ -0,0 +1,17 @@
+server {
+  listen 80;
+  server_name dh1024.badssl.com;
+
+  return 301 https://$server_name$request_uri;
+}
+
+server {
+  listen 443;
+  server_name dh1024.badssl.com;
+
+  include /var/www/badssl/nginx-includes/wildcard.normal.conf;
+  include /var/www/badssl/nginx-includes/tls-dh1024.conf;
+  include /var/www/badssl/common/common.conf;
+
+  root /var/www/badssl/domains/dh1024.badssl.com;
+}

domains/dh1024.badssl.com/index.html

@@ -0,0 +1,55 @@
+<!doctype html>
+<html>
+<head>
+  <title>dh1024.badssl.com</title>
+  <link rel="shortcut icon" href="/icons/favicon-yellow.ico"/>
+  <link rel="apple-touch-icon" href="/icon-yellow.png"/>
+  <style>
+    html, body {
+      background: rgb(246, 207, 47);
+
+      margin: 0;
+      padding: 0;
+
+      height: 100%;
+      display: -webkit-flexbox;
+      display: -ms-flexbox;
+      display: -webkit-flex;
+      display: flex;
+      -webkit-align-items: center;
+      align-items: center;
+      -webkit-justify-content: center;
+      justify-content: center;
+    }
+    h1 {
+      color: white;
+      text-align: center;
+      font-family: "Source Code Pro", Monaco, Consolas, "Courier New", monospace, Impact;
+      font-size: 5em;
+      font-size: 9vw;
+      text-shadow:
+        0 0 20px rgba(255, 255, 255, 0.5),
+        0 0 40px rgba(255, 255, 255, 0.5),
+        0 0 60px rgba(255, 255, 255, 0.5);
+    }
+    .footer {
+      background: rgba(0, 0, 0, 0.25);
+
+      position: fixed;
+      width: 80vw;
+      bottom: 0;
+      left: 0;
+      padding: 2vh 10vw;
+
+      font-family: Helvetica, Tahoma, sans-serif;
+      text-align: center;
+      color: white;
+      font-size: 3vw;
+    }
+  </style>
+</head>
+<body>
+    <h1>dh1024.badssl.com</h1>
+    <div class="footer">This site uses an ephemeral Diffie-Hellman key exchange over a 1024-bit group.</div>
+</body>
+</html>

domains/dh2048.badssl.com.conf

@@ -0,0 +1,17 @@
+server {
+  listen 80;
+  server_name dh2048.badssl.com;
+
+  return 301 https://$server_name$request_uri;
+}
+
+server {
+  listen 443;
+  server_name dh2048.badssl.com;
+
+  include /var/www/badssl/nginx-includes/wildcard.normal.conf;
+  include /var/www/badssl/nginx-includes/tls-dh2048.conf;
+  include /var/www/badssl/common/common.conf;
+
+  root /var/www/badssl/domains/dh2048.badssl.com;
+}

domains/dh2048.badssl.com/index.html

@@ -0,0 +1,55 @@
+<!doctype html>
+<html>
+<head>
+  <title>dh2048.badssl.com</title>
+  <link rel="shortcut icon" href="/icons/favicon-green.ico"/>
+  <link rel="apple-touch-icon" href="/icon-green.png"/>
+  <style>
+    html, body {
+      background: green;
+
+      margin: 0;
+      padding: 0;
+
+      height: 100%;
+      display: -webkit-flexbox;
+      display: -ms-flexbox;
+      display: -webkit-flex;
+      display: flex;
+      -webkit-align-items: center;
+      align-items: center;
+      -webkit-justify-content: center;
+      justify-content: center;
+    }
+    h1 {
+      color: white;
+      text-align: center;
+      font-family: "Source Code Pro", Monaco, Consolas, "Courier New", monospace, Impact;
+      font-size: 5em;
+      font-size: 9vw;
+      text-shadow:
+        0 0 20px rgba(255, 255, 255, 0.5),
+        0 0 40px rgba(255, 255, 255, 0.5),
+        0 0 60px rgba(255, 255, 255, 0.5);
+    }
+    .footer {
+      background: rgba(0, 0, 0, 0.25);
+
+      position: fixed;
+      width: 80vw;
+      bottom: 0;
+      left: 0;
+      padding: 2vh 10vw;
+
+      font-family: Helvetica, Tahoma, sans-serif;
+      text-align: center;
+      color: white;
+      font-size: 3vw;
+    }
+  </style>
+</head>
+<body>
+    <h1>dh2048.badssl.com</h1>
+    <div class="footer">This site uses an ephemeral Diffie-Hellman key exchange over a 2048-bit group.</div>
+</body>
+</html>

nginx-includes/tls-dh1024.conf

@@ -0,0 +1,7 @@
+ssl_dhparam /var/www/badssl/certs/dh1024.pem;
+
+ssl_session_timeout 5m;
+
+ssl_protocols TLSv1.1 TLSv1.2;
+ssl_ciphers 'DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
+ssl_prefer_server_ciphers on;

nginx-includes/tls-dh2048.conf

@@ -0,0 +1,7 @@
+ssl_dhparam /var/www/badssl/certs/dh2048.pem;
+
+ssl_session_timeout 5m;
+
+ssl_protocols TLSv1.1 TLSv1.2;
+ssl_ciphers 'DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
+ssl_prefer_server_ciphers on;