https://issues.apache.org/bugzilla/show_bug.cgi?id=49559

--- Comment #8 from Kaspar Brand <[email protected]> ---
Created attachment 30804
  --> https://issues.apache.org/bugzilla/attachment.cgi?id=30804&action=edit
PoC: read (EC)DHE parameters from SSLCertificateFile (applies to trunk and
2.4.x)

I'm fine with the idea, but the implementation in the patches submitted so far
is too complex, in my opinion (in particular the SSL_read_DHparams stuff, which
tries to support/read three different formats).

Here is an alternative proposal:

- only support PEM-formatted parameters (-----BEGIN DH PARAMETERS----- /
-----END DH PARAMETERS-----)

- use the existing SSLCertificateFile directive to support per-vhost, custom
DHE and ECDHE parameters

Attached is a - lightly tested - proof of concept, to be applied to either
trunk or 2.4.x... testing and feedback welcome. To specify EC curve names,
append the output of "openssl ecparam -name secp521r1" or your favorite curve
to SSLCertificateFile (of course the docs for SSLCertificateFile would have to
be extended, if there is a general agreement on taking this approach).
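
The file layout proposed in the comment above, as an added example that is not part of the original comment or the attached patch: a small Python checker that lists the PEM blocks in a certificate file, decodes the named-curve OID from an appended EC PARAMETERS block, and flags marker lines that do not form a well-formed block. The sample file is constructed (placeholder certificate and DH bodies), and the function names are hypothetical.

```python
import base64
import re

# Constructed sample of an SSLCertificateFile under the proposal. The
# CERTIFICATE and DH PARAMETERS bodies are placeholders, not real key material;
# the EC PARAMETERS body is the DER OID for secp521r1.
SAMPLE = """\
-----BEGIN CERTIFICATE-----
UExBQ0VIT0xERVI=
-----END CERTIFICATE-----
-----BEGIN DH PARAMETERS-----
UExBQ0VIT0xERVI=
-----END DH PARAMETERS-----
-----BEGIN EC PARAMETERS-----
BgUrgQQAIw==
-----END EC PARAMETERS-----
"""

PEM_BLOCK = re.compile(
    r"^-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----[ \t]*$",
    re.S | re.M)

def named_curve_oid(der):
    """Decode a short-form DER OBJECT IDENTIFIER into dotted notation."""
    if len(der) < 3 or der[0] != 0x06 or der[1] != len(der) - 2:
        raise ValueError("EC PARAMETERS block is not a named-curve OID")
    arcs, value = [der[2] // 40, der[2] % 40], 0  # valid for first arcs 0 and 1
    for byte in der[3:]:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:          # high bit clear ends this arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def summarize(text):
    """List PEM block labels, the EC curve OID, and stray marker lines."""
    result = {"labels": [], "curve_oid": None}
    for match in PEM_BLOCK.finditer(text):
        label, der = match.group(1), base64.b64decode(match.group(2))
        result["labels"].append(label)
        if label == "EC PARAMETERS":
            result["curve_oid"] = named_curve_oid(der)
    # Marker lines left over after removing well-formed blocks are malformed.
    leftover = PEM_BLOCK.sub("", text).splitlines()
    result["stray"] = [ln for ln in leftover if ln.startswith("-----")]
    return result

if __name__ == "__main__":
    print(summarize(SAMPLE))
```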
