Fix website weak key exchange
The website uses a 2048 bit certificate, but when PFS ciphers are used(DHE), the key-exchange is limited to 1024 bits, because the DH parameters are configured to 1024 bits.
https://www.ssllabs.com/ssltest/analyze.html?d=torproject.org
(If it's possible, please enable OCSP stapling was well.)
Trac:
Username: UserUnknown