On Sun, Mar 13, 2022 at 3:55 PM Walter Hop <apache@xxxxxxxxxxxxxxxxx> wrote: > > On my old setup, this was DH 2048, which is considered “insufficient” according to internet.nl. I have tried the following things: > > 1) use a 4096 bit RSA key and get a new certificate > 2) generate DH params with: openssl dhparam -out /etc/apache2/dhparam.pem 4096 > 3) in my configuration, added: SSLOpenSSLConfCmd DHParameters "/etc/apache2/dhparam.pem” Step 3) does not work anymore with latest openssl versions, the only way to configure custom dhparams in httpd is to append them to the certificate file (see https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcertificatefile). Regards; Yann. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|