Use SSLOpenSSLConfCmd to specify DHParameters in Apache 2.4? #62

Closed
tomsommer opened this issue Oct 1, 2019 · 4 comments

@tomsommer

It seems you can do SSLOpenSSLConfCmd DHParameters "/etc/ssl/certs/dhparam.pem" with Apache 2.4.8+ and OpenSSL 1.0.2+

@tomato42
Member

tomato42 commented Oct 1, 2019

Why should we do that?
AFAIK, it's just a wrapper around the old API (talking about OpenSSL).

@tomsommer
Author

It's easier when wanting to do a server-wide configuration. Appending to the cert-chain is a pain as it has to be done per-certificate, and also harder if you already have an existing certificate in place.

This more mirrors the nginx way of doing it.

@tomato42
Member

tomato42 commented Oct 2, 2019

But then Apache, since 2.4.7, does select the DH parameters based on the size of the RSA key, so this applies only to the situation when you need to use 1024-bit parameters... which is a niche configuration.

@tomsommer
Author

Fair point. Just wanted to highlight the feature. Good to attach a reason to it.
