Comment 19 for bug 1197884

Andreas Tauscher (ta-lonestar-bbs) wrote :

I did not want to wait until this is fixed for apache 2.22 in Ubuntu 12.04.

So I took mod_ssl from apache 2.2.29 which supports ECDH.
Additionally, I removed the 512 and 1024 bit DH parameters from ssl_engine_dh.c and replaced them with 2048 and 3072 bit.
Two DH keys are not needed because libssl in 12.04 never asks for more than 1024 bit so always 3072 are returned. But I realised this afterwards....

You can download my modified mod_ssl from http://download.ict-pros.co.tz/mod_ssl-apache2.22.tar.bz2
Short instructions:
apt-get source apache2
apt-get build-dep apache2
Replace modules/ssl with the modified version.
Run within modules/ssl perl ./ssl_engine_dh.c to generate your own DH parameters.
Build the package. After updates mod_ssl.so will be overwritten, so you have to copy your compiled version from debian/apache2.2-bin/usr/lib/apache2/modules/ to /usr/lib/apache2/modules/ and restart apache.

Andreas
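
A way to check the result of the rebuild described in the comment above, as an added example that is not part of the original comment or of the Apache or Ubuntu packaging: it classifies the ephemeral key size the server actually negotiates. It assumes a client with OpenSSL 1.0.2 or later (which prints the "Server Temp Key" line) and a 2048-bit floor; the function name, the threshold variable, the placeholder host and the sample lines are constructed for this example.

```shell
#!/bin/sh
# Added example: classify the "Server Temp Key" line that `openssl s_client`
# (OpenSSL 1.0.2 or later) prints after a handshake with ephemeral key exchange.
# classify_temp_key and MIN_DH_BITS are hypothetical names chosen for this example.

MIN_DH_BITS=2048   # assumed policy floor: the smaller of the two sizes in the comment

# Reads s_client output on stdin and prints one verdict line.
# NONE means no temp key line was seen (static RSA key exchange or failed handshake).
classify_temp_key() {
    line=$(sed -n 's/^Server Temp Key: //p' | head -n 1)
    if [ -z "$line" ]; then
        echo "NONE"
        return 0
    fi
    kind=${line%%,*}
    bits=$(printf '%s\n' "$line" | sed -n 's/.*[ ,]\([0-9][0-9]*\) bits.*/\1/p')
    if [ -z "$bits" ]; then
        echo "UNKNOWN $line"
        return 0
    fi
    case "$kind" in
        DH)
            if [ "$bits" -ge "$MIN_DH_BITS" ]; then
                echo "OK DH $bits"
            else
                echo "WEAK DH $bits"
            fi ;;
        ECDH|X25519|X448)
            echo "OK ECDH $bits" ;;
        *)
            echo "UNKNOWN $line" ;;
    esac
}

# Constructed sample lines (not captured from a real server).
run_samples() {
    printf 'Server Temp Key: DH, 1024 bits\n' | classify_temp_key
    printf 'Server Temp Key: DH, 3072 bits\n' | classify_temp_key
    printf 'Server Temp Key: ECDH, P-256, 256 bits\n' | classify_temp_key
    printf 'Cipher    : AES256-SHA\n' | classify_temp_key
}
run_samples

# Against a live server (www.example.test is a placeholder host):
#   openssl s_client -connect www.example.test:443 -cipher DHE </dev/null 2>/dev/null \
#       | classify_temp_key
```

Restricting the client to DHE suites forces the server to reveal its DH parameter size; without `-cipher`, a server that prefers ECDHE reports the curve instead.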