[Bug 200756] [patch] www/apache22: Logjam DH params workaround for Apache 2.2.x due to lack of "SSLOpenSSLConfCmd" directive

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Wed Jun 10 07:11:50 UTC 2015


            Bug ID: 200756
           Summary: [patch] www/apache22: Logjam DH params workaround for
                    Apache 2.2.x due to lack of "SSLOpenSSLConfCmd"
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Keywords: patch
          Severity: Affects Many People
          Priority: ---
         Component: Individual Port(s)
          Assignee: apache at FreeBSD.org
          Reporter: winni at insecure.so
          Assignee: apache at FreeBSD.org
          Keywords: patch
             Flags: maintainer-feedback?(apache at FreeBSD.org)


As Apache 2.2.x is not providing a way to use a self-generated set of DH params
via configuration directive (lack of the "SSLOpenSSLConfCmd" parameter), I've
created a workaround, that generates a set of DH params during compile time, so
that apache22 is still able to follow the recommendation of not using the
default set of 512/1024bit DH params, that is shipped with Apache per default.

I'd already published the workaround on
https://bitbucket.org/snippets/wneessen/grb8 where someone suggested to submit
a PR for FreeBSD, so here it is.

I wasn't able to figure, how to attach 2 files to this PR, so I am following
the documentation at
and provide the URLs.

Patch for www/apache2/Makefile:
Patch for Apache 2.2.x's modules/ssl/ssl_engine_dh.c:

Hope that helps,

You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-apache mailing list