Re: How to use DH 4096 parameters?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: users@xxxxxxxxxxxxxxxx
Subject: Re: How to use DH 4096 parameters?
From: Walter Hop <apache@xxxxxxxxxxxxxxxxx>
Date: Mon, 14 Mar 2022 21:32:50 +0100
In-reply-to: <CAKQ1sVNpKu8at2hzbQQMWjCwLexJqN9RVqFk2K==WgQnSLO9vA@mail.gmail.com>
Reply-to: users@xxxxxxxxxxxxxxxx

On 14 Mar 2022, at 19:02, Yann Ylavic <ylavic.dev@xxxxxxxxx> wrote:

Step 3) does not work anymore with latest openssl versions, the only
way to configure custom dhparams in httpd is to append them to the
certificate file (see
https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcertificatefile).

Thank you so much! This was the solution.

The scanner is no longer complaining! :) https://internet.nl/site/lifeforms.nl/1529724/#

For those who stumble on this thread with the same issue, I’ll review:

- I created a 4096 bit RSA key

- I requested a certificate with Let’s Encrypt

- I appended the RFC's standard 4096 bit DH parameters file to the certificate, e.g.

# wget https://raw.githubusercontent.com/internetstandards/dhe_groups/master/ffdhe4096.pem

# cat ffdhe4096.pem >> newcert.pem

(or the name of your certificate)

Restart Apache and it should look great.

Thank you all for the input!

Cheers,

References:
- How to use DH 4096 parameters?
  - From: Walter Hop
- Re: How to use DH 4096 parameters?
  - From: Yann Ylavic

Prev by Date: Re: configure fails using --with-pcre with httpd-2.4.53
Next by Date: "Size of Request header field exceeds limit" despite changed limits - how to debugg further?
Previous by thread: Re: How to use DH 4096 parameters?
Next by thread: Coin Master - Support is on the way!
Index(es):
- Date
- Thread

[Index of Archives] [Open SSH Users] [Linux ACPI] [Linux Kernel] [Linux Laptop] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Squid] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper]