https://issues.apache.org/bugzilla/show_bug.cgi?id=49559
Erwann Abalea <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Version|2.2.14 |2.4-HEAD --- Comment #2 from Erwann Abalea <[email protected]> --- A new version of the patch has been provided, based on httpd 2.4.2. When generating your own DH parameters, add the "-dsaparam" option to openssl commandline, this speeds up the handshake by about 15% for a 1024bits prime to 30% for a 2048bits prime. With "-dsaparam" option, the private key is limited to 160 bits for a <2048bits prime, and 256 bits for a >=2048bits one. You then have 80bits of security for a 1024bits prime, but based on NFS results you can't get much. 2048bits prime with a 256bits private key length gives you 128bits of security. -- You are receiving this mail because: You are the assignee for the bug.
