https://bz.apache.org/bugzilla/show_bug.cgi?id=65764
--- Comment #8 from Klemen Mihevc <so...@outlook.com> --- (In reply to Joe Orton from comment #7) > > Why do you want custom DH parameters? OpenSSL also "discourages" > applications from overriding the built-in parameter selection. OpenSSL is matching DHParam size to certificate key size and is using DHParams from rfc3526. Some online webaudits like https://en.internet.nl/ are marking 2048bit dhparam as less secure/phased out, and btw i know this is nit picking dont get me wrong (but guh OCD need 100% on tests) :)... I was using for years 4096bit DHParam key from rfc7919 with a custom parameter thats all and it stoped working. For me is no problem to add in to certificate renew script cating of DHParam in to certificate and use it like this, its one line of code, when im already pushing certificates on printers and wireless APs, just i knew it wasnt needed before and i feel like it shouldnt be needed and should be a way to set it as custom file and not as a part of certificate chain. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
