On 14 Mar 2022, at 19:02, Yann Ylavic <ylavic....@gmail.com> wrote:
> 
> Step 3) does not work anymore with latest openssl versions, the only
> way to configure custom dhparams in httpd is to append them to the
> certificate file (see
> https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcertificatefile).

Thank you so much! This was the solution.
The scanner is no longer complaining! :) 
https://internet.nl/site/lifeforms.nl/1529724/#

For those who stumble on this thread with the same issue, I’ll review:
- I created a 4096-bit RSA key
- I requested a certificate with Let’s Encrypt
- I appended the RFC's standard 4096-bit DH parameters file to the certificate, e.g.

# wget https://raw.githubusercontent.com/internetstandards/dhe_groups/master/ffdhe4096.pem
# cat ffdhe4096.pem >> newcert.pem

(or the name of your certificate)

Restart Apache and it should look great.
Thank you all for the input!

Cheers,
WH
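
The append step from the message above, as an added example that is not part of the original post: a repeatable version of `cat ffdhe4096.pem >> newcert.pem` that does nothing if the certificate file already carries DH parameters and adds a missing final newline first so the PEM markers stay on their own lines. The function names `has_dhparams` and `append_dhparams` and their return codes are hypothetical, chosen for this illustration.

```shell
#!/bin/sh
# Added example: append DH parameters to a certificate file at most once.
# Function names and return codes are illustrative assumptions.

DH_BEGIN='-----BEGIN DH PARAMETERS-----'
DH_END='-----END DH PARAMETERS-----'

# has_dhparams FILE
#   Succeeds if FILE has both DH PARAMETERS markers, each alone on a line.
has_dhparams() {
    grep -qxF -- "$DH_BEGIN" "$1" && grep -qxF -- "$DH_END" "$1"
}

# append_dhparams CERT DHFILE
#   returns 0 = parameters appended
#           1 = CERT already contains DH parameters, nothing changed
#           2 = missing file, CERT is not a PEM certificate, or DHFILE
#               has no complete DH PARAMETERS block
append_dhparams() {
    cert=$1
    dh=$2
    [ -f "$cert" ] && [ -f "$dh" ] || return 2
    grep -qF -- '-----BEGIN CERTIFICATE-----' "$cert" || return 2
    has_dhparams "$dh" || return 2
    has_dhparams "$cert" && return 1

    # If the certificate file does not end in a newline, a plain ">>" would
    # glue the END CERTIFICATE and BEGIN DH PARAMETERS markers onto one line.
    if [ -n "$(tail -c 1 "$cert")" ]; then
        printf '\n' >> "$cert"
    fi
    cat "$dh" >> "$cert"
    return 0
}
```

Call it as `append_dhparams newcert.pem ffdhe4096.pem` before restarting Apache; a return code of 1 on a later run means the file was already prepared.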
