From owner-freebsd-apache@FreeBSD.ORG Wed Jun 10 07:11:50 2015 Return-Path: Delivered-To: apache@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 1AE4CAD4 for ; Wed, 10 Jun 2015 07:11:50 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 0891B122B for ; Wed, 10 Jun 2015 07:11:50 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.14.9/8.14.9) with ESMTP id t5A7Bnap040317 for ; Wed, 10 Jun 2015 07:11:49 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: apache@FreeBSD.org Subject: maintainer-feedback requested: [Bug 200756] [patch] www/apache22: Logjam DH params workaround for Apache 2.2.x due to lack of "SSLOpenSSLConfCmd" directive Date: Wed, 10 Jun 2015 07:11:50 +0000 X-Bugzilla-Type: request Message-ID: In-Reply-To: References: X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" X-BeenThere: freebsd-apache@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Support of apache-related ports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Jun 2015 07:11:50 -0000 Winni Neessen has reassigned Bugzilla Automation 's request for maintainer-feedback to apache@FreeBSD.org: Bug 200756: [patch] www/apache22: Logjam DH params workaround for Apache 2.2.x due to lack of "SSLOpenSSLConfCmd" directive https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200756 --- Description --- Hi, As Apache 2.2.x is not providing a way to use a self-generated set of DH params via configuration directive (lack of the "SSLOpenSSLConfCmd" parameter), I've created a workaround, that generates a set of DH params during compile time, so that apache22 is still able to follow the recommendation of not using the default set of 512/1024bit DH params, that is shipped with Apache per default. I'd already published the workaround on https://bitbucket.org/snippets/wneessen/grb8 where someone suggested to submit a PR for FreeBSD, so here it is. I wasn't able to figure, how to attach 2 files to this PR, so I am following the documentation at https://www.freebsd.org/doc/en_US.ISO8859-1/articles/problem-reports/pr-writing .html and provide the URLs. Patch for www/apache2/Makefile: https://bitbucket.org/api/2.0/snippets/wneessen/grb8/9ce0ecd2a060d734a87a8ce635 24bbcbe67c4a7c/files/Makefile.patch Patch for Apache 2.2.x's modules/ssl/ssl_engine_dh.c: https://bitbucket.org/api/2.0/snippets/wneessen/grb8/9ce0ecd2a060d734a87a8ce635 24bbcbe67c4a7c/files/ssl_engine_dh_c.patch Hope that helps, Winni