Hi Jon, On Wed, Aug 19, 2015 at 4:38 AM, Jon Gerdes <[email protected]> wrote: > On Tue, 2015-08-18 at 23:04 -0400, Ted Byers wrote: >> On our latest penetration test, our pfsense machines were flagged as having >> a SSL/TLS Diffie-Hellman Modulus <= 1024 Bits, allegedly making it >> vulnerable to Logjam. This is for the web server on the pfsense machine, >> used to administer it. >> >> I do not, at present, care about the wherefore and why. >> >> All I want to know is where and how the size of the Diffie-Hellman modulus >> is configured, and what do I change in order to have that set to,say, 2048 >> bits. >> >> Thanks >> >> Ted >> > > Which version of pfSense? > > You can import your own certificate signed externally with whatever > parameters you like and I notice that if I try and generate a new one in > certificate manager (on 2.2.4), it defaults to a key length of 2048 bits > and SHA256. >
On investigation, we found the certificate is not the problem as our certificate is already 2048 bit. What else might this be? Thanks Ted _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
