maintainer-feedback requested: [Bug 200756] [patch] www/apache22: Logjam DH params workaround for Apache 2.2.x due to lack of "SSLOpenSSLConfCmd" directive
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Wed Jun 10 07:11:50 UTC 2015
Winni Neessen <winni at insecure.so> has reassigned Bugzilla Automation
<bugzilla at FreeBSD.org>'s request for maintainer-feedback to apache at FreeBSD.org:
Bug 200756: [patch] www/apache22: Logjam DH params workaround for Apache 2.2.x
due to lack of "SSLOpenSSLConfCmd" directive
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200756
--- Description ---
Hi,
As Apache 2.2.x is not providing a way to use a self-generated set of DH params
via configuration directive (lack of the "SSLOpenSSLConfCmd" parameter), I've
created a workaround, that generates a set of DH params during compile time, so
that apache22 is still able to follow the recommendation of not using the
default set of 512/1024bit DH params, that is shipped with Apache per default.
I'd already published the workaround on
https://bitbucket.org/snippets/wneessen/grb8 where someone suggested to submit
a PR for FreeBSD, so here it is.
I wasn't able to figure, how to attach 2 files to this PR, so I am following
the documentation at
https://www.freebsd.org/doc/en_US.ISO8859-1/articles/problem-reports/pr-writing
.html
and provide the URLs.
Patch for www/apache2/Makefile:
https://bitbucket.org/api/2.0/snippets/wneessen/grb8/9ce0ecd2a060d734a87a8ce635
24bbcbe67c4a7c/files/Makefile.patch
Patch for Apache 2.2.x's modules/ssl/ssl_engine_dh.c:
https://bitbucket.org/api/2.0/snippets/wneessen/grb8/9ce0ecd2a060d734a87a8ce635
24bbcbe67c4a7c/files/ssl_engine_dh_c.patch
Hope that helps,
Winni
More information about the freebsd-apache
mailing list