Re: How to use DH 4096 parameters?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I’m confused where the DH 3072 comes from. My question is, what should I configure so that DH 4096 is sent?

Your problem is in step 2) generate DH params - internet.nl explicitly
states that "Self-generated groups are 'Insufficient'". Follow their
instructions to download one of the pre-defined groups from RFC 7919
to make that test happy.

Thanks for your mail! I noticed that advice and already tried it, but it didn’t work! I’ve copied their file https://raw.githubusercontent.com/internetstandards/dhe_groups/master/ffdhe4096.pem to my /etc/apache2/dhparams.pem.

In my Apache config, I am pointing to that file:
SSLOpenSSLConfCmd DHParameters "/etc/apache2/dhparam.pem”

And I made sure to restart Apache.

However, even with the standard 4096 bit DH params file, still my Apache seems to use 3072 DH… https://internet.nl/site/lifeforms.nl/1529341/#control-panel-14

I’ve also tried using the standard 3072 bit DH params file https://raw.githubusercontent.com/internetstandards/dhe_groups/master/ffdhe3072.pem as they say this should be ’sufficient’ but the result is still ‘insufficient':

So I’m still confused how I can use 4096 bit DH params...

Kind regards,
WH
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux