On Mon, 30 Sep 2013 18:40:28 +0200 Kaspar Brand <[email protected]> wrote:
> Testing patches and reporting on its results e.g. (as previously > solicited in this thread). I have put a backport of the relevant trunk > commits under > > https://people.apache.org/~kbrand/mod_ssl-2.4.x-ekh.diff I found that this doesn't apply cleanly on released apache, but it's mostly due to doc rejects. https://svn.schokokeks.org/repos/overlay/trunk/www-servers/apache/files/apache-2.4.6-modssl-dhparams.diff is the patch minus some documentation parts re-diffed against 2.4.6 release. I'm running this now on some test servers (I previously had other preliminaty dh patches from the bugtracker). I like the auto-selection due to rsa key size. Works for me now, I have tested different RSA key sizes on one server and I get different DH moduli: https://www.ssllabs.com/ssltest/analyze.html?d=2048.dosdriver.de https://www.ssllabs.com/ssltest/analyze.html?d=backup1.schokokeks.org No issues so far, so from me: Tested and works. and I'm glad this finally gets some attention. > and will soon add it as a proposal to 2.4.x/STATUS (if my remaining > tests with 2.4.6-dev are successful). The backport proposal then needs > consensus approval, as explained under > http://httpd.apache.org/dev/guidelines.html, so at least two +1 from > other devs are needed as well. I'm not an apache dev, but you get +1 from me for backporting :-) Hanno -- Hanno Böck http://hboeck.de/ mail/jabber: [email protected] GPG: BBB51E42
signature.asc
Description: PGP signature
