Am 01.04.2015 um 19:05 schrieb James Peach:
On Apr 1, 2015, at 9:56 AM, Reindl Harald <[email protected]> wrote: Am 01.04.2015 um 15:30 schrieb Leif Hedstrom:It was decided from experiences at LinkedIn that DHE was unstable and/or causing problems in general. It was deemed an incompatible change that should not have happened in the 5.x cycle, so we restored defaults to a state as it was in 5.1. I'll let Thomas and Brian give more details on the issues with DHE. You can still use DHE but you would have to move the params into a file and explicitly tell ATS to use those params.but in which file and how to configure - the docs don't mention it? IMHO the certs file containing the DHE as well as EC params should be enoughYes I agree. However, I don't remember the previous support looking in the cert file for params; is it possible that it ended up silently using the defaults?
DUNNO - however, the behavior of httpd above 2.4.7/2.4.8 is desireable especially when wildcard certificates are used on several services (ATS, httpd, email...)
http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcertificatefile
signature.asc
Description: OpenPGP digital signature
