Comment 34 for bug 1197884

In , Asfbugz (asfbugz) wrote :

(In reply to Erwann Abalea from comment #9)
> This function is similar to SSL_read_X509 and SSL_read_PrivateKey defined in
> the same file, and used by the module to read the corresponding objects.

Perhaps this is an opportunity to clean up some mod_ssl cruft... I just took an extended proposal to the mailing list, to stir some further discussion:

http://mail-archives.apache.org/mod_mbox/httpd-dev/201309.mbox/%<email address hidden>%3E

Additionally, I think we should consider using 2048-bit DH parameters by default if the cert's RSA/DSA key is 2048 bits or more (so that sysadmins don't have to generate their custom DH parameters to get more than 1024 bits for DHE). Changing this by default is probably debatable, and therefore another reason I'm taking it to the list.