Date: Wed, 10 Jun 2015 12:23:34 -0500 From: Mark Felder <feld@FreeBSD.org> To: freebsd-apache@freebsd.org Subject: Re: maintainer-feedback requested: [Bug 200756] [patch] www/apache22: Logjam DH params workaround for Apache 2.2.x due to lack of "SSLOpenSSLConfCmd" directive Message-ID: <1433957014.4120675.292074337.574268DE@webmail.messagingengine.com> In-Reply-To: <bug-200756-16115-xjtI96zMBe@https.bugs.freebsd.org/bugzilla/> References: <bug-200756-16115@https.bugs.freebsd.org/bugzilla/> <bug-200756-16115-xjtI96zMBe@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Jun 10, 2015, at 02:11, bugzilla-noreply@freebsd.org wrote: > Winni Neessen <winni@insecure.so> has reassigned Bugzilla Automation > <bugzilla@FreeBSD.org>'s request for maintainer-feedback to > apache@FreeBSD.org: > Bug 200756: [patch] www/apache22: Logjam DH params workaround for Apache > 2.2.x > due to lack of "SSLOpenSSLConfCmd" directive > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200756 > > > > --- Description --- > Hi, > > As Apache 2.2.x is not providing a way to use a self-generated set of DH > params > via configuration directive (lack of the "SSLOpenSSLConfCmd" parameter), > I've > created a workaround, that generates a set of DH params during compile > time, so > that apache22 is still able to follow the recommendation of not using the > default set of 512/1024bit DH params, that is shipped with Apache per > default. > > I'd already published the workaround on > https://bitbucket.org/snippets/wneessen/grb8 where someone suggested to > submit > a PR for FreeBSD, so here it is. > > I wasn't able to figure, how to attach 2 files to this PR, so I am > following > the documentation at > https://www.freebsd.org/doc/en_US.ISO8859-1/articles/problem-reports/pr-writing > .html > and provide the URLs. > > Patch for www/apache2/Makefile: > https://bitbucket.org/api/2.0/snippets/wneessen/grb8/9ce0ecd2a060d734a87a8ce635 > 24bbcbe67c4a7c/files/Makefile.patch > Patch for Apache 2.2.x's modules/ssl/ssl_engine_dh.c: > https://bitbucket.org/api/2.0/snippets/wneessen/grb8/9ce0ecd2a060d734a87a8ce635 > 24bbcbe67c4a7c/files/ssl_engine_dh_c.patch > Hi Winni, Thanks for your patch! I was working on testing it and I noticed someone already added this to the build process with this commit: https://svnweb.freebsd.org/ports/head/www/apache22/Makefile?revision=386904&view=markup
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1433957014.4120675.292074337.574268DE>