Apache 2.4.16 built against LibreSSL 2.2.3 on x86_64 Linux
There is an old patch to Apache:
https://bz.apache.org/bugzilla/show_bug.cgi?id=49559
It provided a new directive:
SSLDHParametersFile /path/to/dh2048.pem
The patch no longer applies and even if I could make it apply and build
I'm not confident I could do it safely.
The current method with Apache is to apply the DH parameters to the
certificate, which I find distasteful - or to use the SSLOpenSSLConfCmd
directive, but that requires OpenSSL 1.0.2 and appears to be a new API
feature not in LibreSSL, which is only API compatible with OpenSSL 1.0.1.
What I would like to do is throw a script in /etc/cron.weekly/ that once
a week does a regeneration of the DH parameters and reloads apache.
I can do that with Postfix etc. easy enough, but not with Apache, not
unless the script manipulates the TLS certificate file which I really
don't see as wise or the way things should be done.
Is anyone aware of a current patch to Apache that does something similar
to that old patch?