[Bug 200756] [patch] www/apache22: Logjam DH params workaround for Apache 2.2.x due to lack of "SSLOpenSSLConfCmd" directive
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Wed Jun 10 07:11:50 UTC 2015
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200756
Bug ID: 200756
Summary: [patch] www/apache22: Logjam DH params workaround for
Apache 2.2.x due to lack of "SSLOpenSSLConfCmd"
directive
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Keywords: patch
Severity: Affects Many People
Priority: ---
Component: Individual Port(s)
Assignee: apache at FreeBSD.org
Reporter: winni at insecure.so
Assignee: apache at FreeBSD.org
Keywords: patch
Flags: maintainer-feedback?(apache at FreeBSD.org)
Hi,
As Apache 2.2.x is not providing a way to use a self-generated set of DH params
via configuration directive (lack of the "SSLOpenSSLConfCmd" parameter), I've
created a workaround, that generates a set of DH params during compile time, so
that apache22 is still able to follow the recommendation of not using the
default set of 512/1024bit DH params, that is shipped with Apache per default.
I'd already published the workaround on
https://bitbucket.org/snippets/wneessen/grb8 where someone suggested to submit
a PR for FreeBSD, so here it is.
I wasn't able to figure, how to attach 2 files to this PR, so I am following
the documentation at
https://www.freebsd.org/doc/en_US.ISO8859-1/articles/problem-reports/pr-writing.html
and provide the URLs.
Patch for www/apache2/Makefile:
https://bitbucket.org/api/2.0/snippets/wneessen/grb8/9ce0ecd2a060d734a87a8ce63524bbcbe67c4a7c/files/Makefile.patch
Patch for Apache 2.2.x's modules/ssl/ssl_engine_dh.c:
https://bitbucket.org/api/2.0/snippets/wneessen/grb8/9ce0ecd2a060d734a87a8ce63524bbcbe67c4a7c/files/ssl_engine_dh_c.patch
Hope that helps,
Winni
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-apache
mailing list