diff --git a/playbooks/roles/haproxy_server/defaults/main.yml b/playbooks/roles/haproxy_server/defaults/main.yml
index cf1f6fb16f..2887e69508 100644
--- a/playbooks/roles/haproxy_server/defaults/main.yml
+++ b/playbooks/roles/haproxy_server/defaults/main.yml
@@ -71,6 +71,7 @@ haproxy_bind_on_non_local: False
 ## haproxy SSL
 haproxy_ssl: no
+haproxy_ssl_dh_param: 2048
 haproxy_ssl_self_signed_regen: no
 haproxy_ssl_cert: /etc/ssl/certs/haproxy.cert
 haproxy_ssl_key: /etc/ssl/private/haproxy.key
diff --git a/playbooks/roles/haproxy_server/templates/haproxy.cfg.j2 b/playbooks/roles/haproxy_server/templates/haproxy.cfg.j2
index 9f007ec0b0..f0c6fbad6d 100644
--- a/playbooks/roles/haproxy_server/templates/haproxy.cfg.j2
+++ b/playbooks/roles/haproxy_server/templates/haproxy.cfg.j2
@@ -10,6 +10,7 @@ global
 maxconn 4096
 tune.bufsize 384000
 stats socket /var/run/haproxy.stat level admin mode 600
+ {% if haproxy_ssl | bool %}tune.ssl.default-dh-param {{haproxy_ssl_dh_param}}{% endif %}
 defaults
 log global
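Review bot: The added default `haproxy_ssl_dh_param: 2048` carries no comment saying what it controls or which values are acceptable, so an operator overriding it has nothing to go on. I would add above it `# Upper bound, in bits, for the ephemeral DH key HAProxy generates for DHE ciphers (tune.ssl.default-dh-param).` followed by `# Keep at 2048 or higher; 1024-bit DH groups are considered breakable (Logjam).` Going by the template hunk in this same commit, the value is only rendered when `haproxy_ssl` is true, which the comment could also state.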
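Review bot: `{{haproxy_ssl_dh_param}}` on the added line is written into the global section exactly as supplied, so an empty or non-numeric override yields a broken directive and a value such as 1024 quietly weakens DHE key exchange. Casting at render time, `tune.ssl.default-dh-param {{ haproxy_ssl_dh_param | int }}`, together with a pre-flight assert in the role's tasks that the value is at least 2048, would catch this before HAProxy is reloaded. A template comment should also record that HAProxy ignores this setting when the certificate file already contains DH parameters, so a bundle carrying an old 1024-bit group stays weak whatever this variable says. The `global` section starts above the hunk, so I cannot see which other TLS tuning settings are already present.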