Loading nixos/modules/security/dhparams.nix +74 −61 Original line number Diff line number Diff line Loading @@ -143,7 +143,19 @@ in }; }; config = lib.mkIf (cfg.enable && cfg.stateful) { config = lib.mkMerge [ (lib.mkIf cfg.enable { warnings = [ '' The `security.dhparam` module is deprecated and scheduled for removal in NixOS 26.11. Generating your own params has been shown to be problematic in RFC 7919 (2016). Remove any uses of DHE and migrate to ECDHE (RFC 8422, 2018) and Hybrid PQ (draft-ietf-tls-ecdhe-mlkem, 2026) key exchange algorithms. '' ]; }) (lib.mkIf (cfg.enable && cfg.stateful) { systemd.services = { dhparams-init = { description = "Clean Up Old Diffie-Hellman Parameters"; Loading Loading @@ -205,6 +217,7 @@ in ''; } ) cfg.params; }; }) ]; } Loading
nixos/modules/security/dhparams.nix +74 −61 Original line number Diff line number Diff line Loading @@ -143,7 +143,19 @@ in }; }; config = lib.mkIf (cfg.enable && cfg.stateful) { config = lib.mkMerge [ (lib.mkIf cfg.enable { warnings = [ '' The `security.dhparam` module is deprecated and scheduled for removal in NixOS 26.11. Generating your own params has been shown to be problematic in RFC 7919 (2016). Remove any uses of DHE and migrate to ECDHE (RFC 8422, 2018) and Hybrid PQ (draft-ietf-tls-ecdhe-mlkem, 2026) key exchange algorithms. '' ]; }) (lib.mkIf (cfg.enable && cfg.stateful) { systemd.services = { dhparams-init = { description = "Clean Up Old Diffie-Hellman Parameters"; Loading Loading @@ -205,6 +217,7 @@ in ''; } ) cfg.params; }; }) ]; }
