Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Increase dh primes to 4096 bits and load ssl-dhparams.pem and options-ssl-nginx.conf configs #583

Merged
merged 4 commits into from
Mar 27, 2023
Merged

Increase dh primes to 4096 bits and load ssl-dhparams.pem and options-ssl-nginx.conf configs #583

merged 4 commits into from
Mar 27, 2023

Conversation

stcz
Copy link
Contributor

@stcz stcz commented Mar 19, 2023

Currently, the options-ssl-nginx.conf file is not included in the nginx configuration.

This will add it.

Further increase the size of the dh primes to 4096 bit (closes #527)

@suricactus suricactus added enhancement New feature or request patch Requires patch version change labels Mar 19, 2023
@stcz
Copy link
Contributor Author

stcz commented Mar 19, 2023

I just saw, that this might conflict with scripts/init_letsencrypt.sh

As I understand it correctly, this script should init the nginx configuration, if the configuration path is changed.

@stcz
Copy link
Contributor Author

stcz commented Mar 19, 2023
edited
Loading

scripts/init_letsencrypt.sh should now not be affected, but currently it would download only 2048 bit primes. This should not be a problem.

Another solution might be to remove the files from the repository and create these files with scripts/init_letsencrypt.sh

@suricactus suricactus changed the title Fix tls config Increase the dh primes to 4048 bits and load ssl-dhparams.pem and options-ssl-nginx.conf configs Mar 19, 2023
@suricactus suricactus changed the title Increase the dh primes to 4048 bits and load ssl-dhparams.pem and options-ssl-nginx.conf configs Increase dh primes to 4096 bits and load ssl-dhparams.pem and options-ssl-nginx.conf configs Mar 19, 2023
@m-kuhn
Copy link
Member

m-kuhn commented Mar 27, 2023

Thanks @stcz
@suricactus I would suggest we add a freshly generated 4096 bit prime (generated from openssl) and merge

@m-kuhn @suricactus
Update prime
98ac0e5 
Co-authored-by: Ivan Ivanov <suricactus@users.noreply.github.com>
@m-kuhn m-kuhn merged commit 278510d into opengisch:master Mar 27, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@suricactus suricactus suricactus approved these changes

Assignees
No one assigned
Labels
enhancement New feature or request patch Requires patch version change
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

DH prime number should be larger
3 participants
@stcz @m-kuhn @suricactus