Right now we ship with hard coded DH parameters and a default certificate. That means that security is rather poor as every tladm installation will by default have the same encryption.
We should do what most other servers do, and generate these things on the target system.
(Actually, we can probably keep the DH params hard coded. It seems that this is commonly done, although I don't quite understand the security implications of it. We could at least generate new ones as part of the build.)
New, ThinLinc-specific DH parameters in r23603.
Diffie-Hellman parameters should ideally not be generated these days (see bug 7723), so this bug is now just about our certificates.