Use SSLOpenSSLConfCmd to specify DHParameters in Apache 2.4? #62

Closed
tomsommer opened this issue Oct 1, 2019 · 4 comments

@tomsommer
commented Oct 1, 2019

It seems you can do `SSLOpenSSLConfCmd DHParameters "/etc/ssl/certs/dhparam.pem"` with Apache 2.4.8+ and OpenSSL 1.0.2+.

@tomato42

Member

commented Oct 1, 2019

Why should we do that?
AFAIK, it's just a wrapper around the old API (talking about OpenSSL)

@tomsommer

Author

commented Oct 2, 2019

It's easier when wanting to do a server-wide configuration. Appending to the cert-chain is a pain as it has to be done per-certificate, and also harder if you already have an existing certificate in place.

This more mirrors the nginx way of doing it.

@tomato42

Member

commented Oct 2, 2019

But then Apache since 2.4.7 does select the DH parameters based on the size of the RSA key, so this applies only to the situation when you need to use 1024-bit parameters... which is a niche configuration.

@tomsommer

Author

commented Oct 2, 2019

Fair point. Just wanted to highlight the feature. Good to attach a reason to it.

@tomsommer tomsommer closed this Oct 2, 2019
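
Added example, not part of the thread or of the project's code: a check that finds every `SSLOpenSSLConfCmd DHParameters` file named in an Apache config and reads the prime size from its PKCS#3 `DH PARAMETERS` block, whether the block is in its own file or appended to a certificate file. The function names, the 2048-bit floor in `MIN_BITS` and the sample PEM built by `sample_pem` are assumptions made for the illustration.

```python
import base64
import re

# The directive from this thread; '#'-commented lines do not match.
DIRECTIVE = re.compile(
    r'^[ \t]*SSLOpenSSLConfCmd[ \t]+DHParameters[ \t]+"?([^"\s]+)"?', re.I | re.M)
PEM_BLOCK = re.compile(
    r"-----BEGIN DH PARAMETERS-----(.+?)-----END DH PARAMETERS-----", re.S)
MIN_BITS = 2048  # assumed policy floor, not a value taken from the thread

def _tlv(buf):
    """Decode the DER element at the start of buf: return (tag, value)."""
    tag, length, pos = buf[0], buf[1], 2
    if length & 0x80:  # long form: low 7 bits = size of the length field
        pos += length & 0x7F
        length = int.from_bytes(buf[2:pos], "big")
    return tag, buf[pos:pos + length]

def dh_prime_bits(pem_text):
    """Bit length of p in a PKCS#3 DH PARAMETERS block, or None if absent.

    Only the DH block is decoded, so this works on a standalone dhparam file
    and on a certificate file that has the parameters appended.
    """
    m = PEM_BLOCK.search(pem_text)
    if m is None:
        return None
    seq_tag, seq = _tlv(base64.b64decode("".join(m.group(1).split())))
    int_tag, p = _tlv(seq)
    if seq_tag != 0x30 or int_tag != 0x02:
        raise ValueError("expected DER SEQUENCE starting with INTEGER p")
    return int.from_bytes(p, "big").bit_length()

def audit(conf_text, read_file):
    """Return (path, bits, ok) for each DHParameters file the config names."""
    found = [(path, dh_prime_bits(read_file(path)))
             for path in DIRECTIVE.findall(conf_text)]
    return [(p, b, b is not None and b >= MIN_BITS) for p, b in found]

def sample_pem(bits):
    """Constructed test input: p = 2**(bits-1)+1 is NOT a real prime; g = 2."""
    def der(tag, body):  # minimal DER encoder for the sample only
        size = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
        head = size if len(body) < 0x80 else bytes([0x80 | len(size)]) + size
        return bytes([tag]) + head + body
    p = (2 ** (bits - 1) + 1).to_bytes(bits // 8 + 1, "big")
    blob = base64.encodebytes(der(0x30, der(2, p) + der(2, b"\x02"))).decode()
    return f"-----BEGIN DH PARAMETERS-----\n{blob}-----END DH PARAMETERS-----\n"
```

`audit` takes the file reader as a parameter, so it can be pointed at real files with `lambda p: open(p).read()` or at in-memory samples.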