Apache 2.4.16 built against LibreSSL 2.2.3 on x86_64 Linux
There is an old patch to Apache: https://bz.apache.org/bugzilla/show_bug.cgi?id=49559
It provided a new directive:
SSLDHParametersFile /path/to/dh2048.pem
The patch no longer applies, and even if I could make it apply and build, I'm not confident I could do it safely.
The current method with Apache is to apply the DH parameters to the certificate, which I find distasteful - or to use the SSLOpenSSLConfCmd directive, but that requires OpenSSL 1.0.2 and appears to be a new API feature not in LibreSSL, which is only API compatible with OpenSSL 1.0.1.
What I would like to do is throw a script in /etc/cron.weekly/ that once a week does a regeneration of the DH parameters and reloads apache.
I can do that with Postfix etc. easy enough, but not with Apache, not unless the script manipulates the TLS certificate file which I really don't see as wise or the way things should be done.
Is anyone aware of a current patch to Apache that does something similar to that old patch?