Index: generic/gen_dh_params
==================================================================
--- generic/gen_dh_params
+++ generic/gen_dh_params
@@ -11,33 +11,80 @@
 			bits="`echo "${arg}" | cut -f 2 -d =`"
 			;;
 	esac
 done
 
-openssl_dhparam() {
+openssl_dhparam1() {
 	if openssl dhparam -C "$@" | sed	\
 	    -e 's/^\(static \)*DH \*get_dh[0-9]*/static DH *get_dhParams/'	\
 	    -e '/^-----BEGIN DH PARAMETERS-----$/,/^-----END DH PARAMETERS-----$/ d;/^#/ d'
 	then
 		return 0
 	fi
 
 	return 1
 }
+
+# OpenSSL 3.0 openssl-dhparam has no "-C" option, so we emulate it here
+openssl_dhparam3() {
+	if openssl dhparam -text 2048 | \
+	    sed -E -e '/^---/,/^---/d' \
+		-e '/(DH|prime|generator)/d' \
+		-e 's/([0-9a-h]{2})(:|$$)/0x\1, /g' \
+		-e generateddh.txt
+	then
+	else
+		return 0
+	fi
+
+
+	cat << \_EOF_
+/*
+ * OpenSSL no longer offers the "-C" option for its dhparam
+ * subcommand, so we keep our own C-code here...
+ */
+
+static DH * get_dhParams(void) {
+	static unsigned char dhp_2048[] = {
+#include "generateddh.txt"
+	};
+	static unsigned char dhg_2048[] = {
+		0x02
+	};
+	DH	       *dh = DH_new();
+	BIGNUM	       *p, *g;
+
+	if (dh == NULL)
+		return NULL;
+	p = BN_bin2bn(dhp_2048, sizeof(dhp_2048), NULL);
+	g = BN_bin2bn(dhg_2048, sizeof(dhg_2048), NULL);
+	if (p == NULL || g == NULL
+	    || !DH_set0_pqg(dh, p, NULL, g)) {
+		DH_free(dh);
+		BN_free(p);
+		BN_free(g);
+		return NULL;
+	}
+	return dh;
+}
+_EOF_
+
+	return 0
+}
 
 gen_dh_params_openssl() {
-	openssl_dhparam "${bits}" < /dev/null || return 1
+	openssl_dhparam3 "${bits}" < /dev/null || return 1
 	return 0
 }
 
 gen_dh_params_remote() {
 	url="https://2ton.com.au/dhparam/${bits}"
 
 	r_input="`curl -sS "${url}"`" || \
 		r_input="`wget -O - -o /dev/null "${url}"`" || return 1
 
-	if r_output="`echo "${r_input}" | openssl_dhparam`"; then
+	if r_output="`echo "${r_input}" | openssl_dhparam1`"; then
 		echo "${r_output}"
 
 		return 0
 	fi
 
@@ -44,10 +91,12 @@
 	return 1
 }
 
 gen_dh_params_fallback() {
 	cat << \_EOF_
+#include <openssl/dh.h>
+#include <openssl/bn.h>
 DH *get_dhParams(void) {
 	static unsigned char dhp[] = {
 _EOF_
 	case "${bits}" in
 		2048)
@@ -268,13 +317,13 @@
 echo "** Generating DH Primes.   **" >&2
 echo "** This will take a while. **" >&2
 echo "*****************************" >&2
 echo "Use OpenSSL" >&2
 gen_dh_params_openssl && exit 0
-echo "Use Remote" >&2
-gen_dh_params_remote && exit 0
+#echo "Use Remote" >&2
+#gen_dh_params_remote && exit 0
 echo "Use fallback" >&2
 gen_dh_params_fallback && exit 0
 
 echo "Unable to generate parameters for DH of ${bits} bits" >&2
 
 exit 1