https://bz.apache.org/bugzilla/show_bug.cgi?id=57984
--- Comment #1 from Rainer Jung <[email protected]> --- The original approach in BZ 49559 was not the one actually implemented in 2.4.x. In 2.4 starting with 2.4.7, first of all the strength of the default DH params are derived from the strength of the certificate file. So if for example the certificate uses a 2048 bit key, then httpd will automatically also choose (standard) 2048 bit parameters for the ephemeral DH key exchange. Furthermore you can generate custom params like in your approach, but instead of putting them into a seperate file you configure with a new directive, you just append the params to the first configured certificate file. This approach has been backported to 2.2.x and will be part of 2.2.30. You can test it by building a current (non-released) 2.2.x trunk or by applying r1680916 (svn.apache.org/r1680916). Feedback on our approach is welcome. As said it works the same way as a current 2.4 version. The official release of 2.2.30 should not be too far in the future, but it has not yet been tagged. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
