Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 10 Jun 2015 07:11:50 +0000
From:      bugzilla-noreply@freebsd.org
To:        apache@FreeBSD.org
Subject:   [Bug 200756] [patch] www/apache22: Logjam DH params workaround for Apache 2.2.x due to lack of "SSLOpenSSLConfCmd" directive
Message-ID:  <bug-200756-16115@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200756

            Bug ID: 200756
           Summary: [patch] www/apache22: Logjam DH params workaround for
                    Apache 2.2.x due to lack of "SSLOpenSSLConfCmd"
                    directive
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Keywords: patch
          Severity: Affects Many People
          Priority: ---
         Component: Individual Port(s)
          Assignee: apache@FreeBSD.org
          Reporter: winni@insecure.so
          Assignee: apache@FreeBSD.org
          Keywords: patch
             Flags: maintainer-feedback?(apache@FreeBSD.org)

Hi,

As Apache 2.2.x is not providing a way to use a self-generated set of DH params
via configuration directive (lack of the "SSLOpenSSLConfCmd" parameter), I've
created a workaround, that generates a set of DH params during compile time, so
that apache22 is still able to follow the recommendation of not using the
default set of 512/1024bit DH params, that is shipped with Apache per default.

I'd already published the workaround on
https://bitbucket.org/snippets/wneessen/grb8 where someone suggested to submit
a PR for FreeBSD, so here it is.

I wasn't able to figure, how to attach 2 files to this PR, so I am following
the documentation at
https://www.freebsd.org/doc/en_US.ISO8859-1/articles/problem-reports/pr-writing.html
and provide the URLs.

Patch for www/apache2/Makefile:
https://bitbucket.org/api/2.0/snippets/wneessen/grb8/9ce0ecd2a060d734a87a8ce63524bbcbe67c4a7c/files/Makefile.patch
Patch for Apache 2.2.x's modules/ssl/ssl_engine_dh.c:
https://bitbucket.org/api/2.0/snippets/wneessen/grb8/9ce0ecd2a060d734a87a8ce63524bbcbe67c4a7c/files/ssl_engine_dh_c.patch

Hope that helps,
Winni

-- 
You are receiving this mail because:
You are the assignee for the bug.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-200756-16115>