Description:
The server can use only a compiled in set of Diffie-Hellman parameters.
Instead of needing to recompile the server to change this allow overriding the compiled in default via a configuration parameter.

How to repeat:
As reported in https://github.com/mysql/mysql-server/commit/866b988a76e8e7e217017a7883a52a12ec5024b9#comm....
Inspect vio/viosslfactories.c

Suggested fix:
Implement a new server parameter to specify the location of a DH parameters file.

Problem #1: Using a static value for all servers is that if that value is broken, all servers are broken. From https://weakdh.org/ :

    Breaking the single, most common 1024-bit prime used by web servers
    would allow passive eavesdropping on connections to 18% of the Top 1 Million
    HTTPS domains. A second prime would allow passive decryption of connections
    to 66% of VPN servers and 26% of SSH servers.

Problem #2: Not allowing a custom value requires a code modification and recompile to resolve issues associated with the static value. From https://bugs.mysql.com/bug.php?id=77275 :

    The newest RHEL/CentOS/SL 6.6 openssl package contains a fix for
    CVE-2015-4000 (LogJam) [which] limit the use of any SSL DH key sizes
    to a minimum of 768 bits. This breaks any DHE SSL ciphers for MySQL
    clients, since the default DHPARAM is a 512 bit one. As far as I can
    tell this cannot be changed in configuration/runtime; and needs a recompile.

or generate it on start up -> time openssl dhparam -out dhparams.pem 1024 -> 1.7 seconds, 2K -> 91 seconds.

so two vars:
ssl_dh_size - key size of autogenerated DH parameters - defaults to 0 (use internal) though could be 1-2K in 5.7, allowed values >= 1024 or 0
ssl_dh_file - dh file to load, if it exists. If it doesn't exist and ssl_dh_size > 0 then DH params are created on startup. If ssl_dh_file is writable by the server, generated parameters are saved to the ssl_dh_file.