https://bz.apache.org/bugzilla/show_bug.cgi?id=59087
--- Comment #11 from Luca Toscano <toscano.l...@gmail.com> --- Hi Yann and Björn, I would like to update mod_ssl's documentation with this use case but to be as precise as possible I'd ask for an example of "good"/"bad" behavior (or maybe Björn's complete use case if it can be disclosed). >From what I gathered: -------------------- Good: SSlCertificateFile "path_to_ECC_certificate.crt" SSLCertificateFile "path_to_RSA_SSL_certificate1.crt" Issue: DH key exchange uses weak params for connections using the RSA cert (for the authentication part). Motivation: openssl < 1.0.2 lacks support for selecting the current certificate when multiple ones are configured for the same context. --------------------- As you can see my understanding is not really marvelous, I haven't played around ECC and at first sight this bug seems a bit strange to me (so it might be the same for other people). Further question: is there any issue if a dh_param.pem is added and the order is not the above one? Thanks and sorry for the extra work :) Luca -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
