+1

sorry for the noise, the default seems to be changed to 2048

TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)   DH 2048 bits (p: 256, g: 1, Ys: 256)   FS   128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67)   DH 2048 bits (p: 256, g: 1, Ys: 256)   FS   128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)      DH 2048 bits (p: 256, g: 1, Ys: 256)   FS   128

indeed i missed:
DH parameter interoperability with primes > 1024 bit

Beginning with version 2.4.7, mod_ssl makes use of standardized DH parameters
with prime lengths of 2048, 3072 and 4096 bits (from RFC 3526), and hands them
out to clients based on the length of the certificate's RSA/DSA key. With
Java-based clients in particular (Java 7 or earlier), this may lead to
handshake failures - see this FAQ answer for working around such issues.

Am 20.11.2013 00:12, schrieb Reindl Harald:
> 
> Am 19.11.2013 18:45, schrieb Jim Jagielski:
>> The pre-release test tarballs for Apache httpd 2.4.7 can be found
>> at the usual place:
>>
>> http://httpd.apache.org/dev/dist/
>>
>> I'm calling a VOTE on releasing these as Apache httpd 2.4.7 GA.
>>
>> [ ] +1: Good to go
>> [ ] +0: meh
>> [ ] -1: Danger Will Robinson. And why.
>>
>> Vote will last the normal 72 hrs.
>>
>> NOTE: The *-deps are only there for convenience
> 
> https://issues.apache.org/bugzilla/show_bug.cgi?id=49559
> still not included and patches for 2.4.6 flying around no longer matching
> 
> [root@srv-rhsoft:~]$ apachectl -t
> AH00526: Syntax error on line 20 of /etc/httpd/conf/httpd-ssl.conf:
> Invalid command 'SSLDHParametersFile', perhaps misspelled or defined...............
> 
> because the original patch is more than a year old and 
> https://www.ssllabs.com/ssltest/
> gives you 5 additional points for a 2048 bit DHE key -1 from me
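
The rows quoted at the top of this message report the DH prime as a bit length plus the byte lengths of p, g and Ys. The following is an added example, not code from the thread or from httpd: it parses the ServerDHParams structure of a DHE ServerKeyExchange (RFC 5246, section 7.4.3) and reports the same sizes. The function names, the 2048-bit threshold and the sample bytes are assumptions constructed for illustration.

```python
import struct

MIN_DH_BITS = 2048  # assumed policy threshold, matching the size in the message


def parse_server_dh_params(body: bytes) -> dict:
    """Parse ServerDHParams (RFC 5246, 7.4.3): dh_p, dh_g, dh_Ys,
    each an opaque vector with a 2-byte big-endian length prefix."""
    fields, offset = {}, 0
    for name in ("p", "g", "Ys"):
        if offset + 2 > len(body):
            raise ValueError(f"truncated before length of dh_{name}")
        (length,) = struct.unpack_from("!H", body, offset)
        offset += 2
        if length == 0 or offset + length > len(body):
            raise ValueError(f"invalid length {length} for dh_{name}")
        fields[name] = body[offset:offset + length]
        offset += length
    # bit_length() ignores leading zero bytes, so a zero-padded 1024-bit
    # prime is not mistaken for a larger one.
    p_bits = int.from_bytes(fields["p"], "big").bit_length()
    return {"p_bits": p_bits, "p": len(fields["p"]), "g": len(fields["g"]),
            "Ys": len(fields["Ys"]), "consumed": offset}


def describe(info: dict) -> str:
    """Render the sizes in the same layout as the rows quoted in the message."""
    return (f"DH {info['p_bits']} bits "
            f"(p: {info['p']}, g: {info['g']}, Ys: {info['Ys']})")


def meets_minimum(info: dict, minimum_bits: int = MIN_DH_BITS) -> bool:
    return info["p_bits"] >= minimum_bits


def build_sample(p_bits: int, pad_to: int = 0) -> bytes:
    """Constructed test input: an odd number of the requested size stands in
    for the prime, and g is 2. These are not real DH parameters."""
    size = max((p_bits + 7) // 8, pad_to)
    p = ((1 << (p_bits - 1)) | 1).to_bytes(size, "big")
    ys = (3).to_bytes(size, "big")
    out = b""
    for field in (p, b"\x02", ys):
        out += struct.pack("!H", len(field)) + field
    return out


if __name__ == "__main__":
    for sample in (build_sample(2048), build_sample(1024, pad_to=256)):
        info = parse_server_dh_params(sample)
        print(describe(info), "ok" if meets_minimum(info) else "below minimum")
```

The second sample shows why the check uses the numeric bit length rather than the byte count: a 1024-bit value padded to 256 bytes still fails the minimum.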
